← Back to Home 📄 Display JSON

📊 Ubuntu System Assessment Results - FedRAMP Moderate

Assessment Results for Security Controls Evaluation

Results Information

UUID 85fc2a99-d9c5-46b9-b0cb-fe8f99a76902
Regulation FedRAMP Rev 5 Moderate
Assessment Scope host-assessment
Subject Count 6
Result Summary partial-pass-with-findings
Version 1.0
Last Modified 2026-05-09 08:16:56.658719+00:00
OSCAL Version 1.2.1

Referenced Assessment Plan

Assessment Plan Location: ../assessment-plans/Ubuntu-System-ap-fedramp-moderate/assessment-plan.json

Assessment Activities

Mapped XCCDF evidence analysis

XCCDF rule results were normalized and mapped to FedRAMP Rev 5 Moderate control identifiers.

1. Parse XCCDF rule results Collected rule pass/fail results for all 10 Ubuntu servers.
2. Map rules to controls Used component definition implemented-requirement Rule_Id properties to associate evidence with controls.

Assessment Result Sets

FedRAMP Rev 5 Moderate assessment execution results

Assessment results for 10 inventory items evaluated against FedRAMP Rev 5 Moderate using mapped XCCDF evidence.

Start: 2026-04-09 08:16:56.658719+00:00 End: 2026-05-09 08:16:56.658719+00:00

Remarks: Assessment results generated from XCCDF scan data for 10 servers with 42 controls evaluated.

Reviewed Controls

ac-1: partially-satisfied (20 pass / 4 fail rule evaluations)

ac-11: partially-satisfied (4 pass / 2 fail rule evaluations)

ac-11.1: partially-satisfied (4 pass / 2 fail rule evaluations)

ac-12: partially-satisfied (4 pass / 2 fail rule evaluations)

ac-17.1: partially-satisfied (5 pass / 1 fail rule evaluations)

ac-17.2: partially-satisfied (15 pass / 3 fail rule evaluations)

ac-2: partially-satisfied (20 pass / 4 fail rule evaluations)

ac-2.1: partially-satisfied (20 pass / 4 fail rule evaluations)

ac-2.2: satisfied (6 pass / 0 fail rule evaluations)

ac-2.3: satisfied (6 pass / 0 fail rule evaluations)

ac-2.5: partially-satisfied (4 pass / 2 fail rule evaluations)

ac-3: partially-satisfied (88 pass / 20 fail rule evaluations)

ac-5: partially-satisfied (88 pass / 20 fail rule evaluations)

ac-6: partially-satisfied (88 pass / 20 fail rule evaluations)

ac-6.1: partially-satisfied (5 pass / 1 fail rule evaluations)

ac-6.2: partially-satisfied (32 pass / 4 fail rule evaluations)

ac-6.5: partially-satisfied (32 pass / 4 fail rule evaluations)

au-12: partially-satisfied (6 pass / 12 fail rule evaluations)

au-2: not-satisfied (0 pass / 6 fail rule evaluations)

au-3: partially-satisfied (6 pass / 6 fail rule evaluations)

au-3.1: partially-satisfied (6 pass / 6 fail rule evaluations)

au-6.1: satisfied (6 pass / 0 fail rule evaluations)

au-7: partially-satisfied (6 pass / 12 fail rule evaluations)

cm-1: partially-satisfied (5 pass / 1 fail rule evaluations)

cm-2: partially-satisfied (5 pass / 1 fail rule evaluations)

cm-3.2: partially-satisfied (4 pass / 2 fail rule evaluations)

cm-6: partially-satisfied (10 pass / 2 fail rule evaluations)

cm-7: partially-satisfied (10 pass / 2 fail rule evaluations)

cm-7.1: partially-satisfied (5 pass / 1 fail rule evaluations)

cm-9: partially-satisfied (5 pass / 1 fail rule evaluations)

ia-5: partially-satisfied (15 pass / 3 fail rule evaluations)

ia-5.1: partially-satisfied (185 pass / 25 fail rule evaluations)

mp-2: partially-satisfied (88 pass / 20 fail rule evaluations)

sa-10: partially-satisfied (5 pass / 1 fail rule evaluations)

sa-3: partially-satisfied (5 pass / 1 fail rule evaluations)

sa-8: partially-satisfied (5 pass / 1 fail rule evaluations)

sc-28: partially-satisfied (21 pass / 3 fail rule evaluations)

sc-28.1: partially-satisfied (21 pass / 3 fail rule evaluations)

sc-8: partially-satisfied (15 pass / 3 fail rule evaluations)

sc-8.1: partially-satisfied (15 pass / 3 fail rule evaluations)

si-2.2: partially-satisfied (5 pass / 1 fail rule evaluations)

si-4.2: partially-satisfied (4 pass / 2 fail rule evaluations)

Assessment Log

XCCDF scans executed

Executed security compliance scans on 10 inventory items.

Start: 2026-04-09 08:16:56.658719+00:00 End: 2026-04-10 08:16:56.658719+00:00

Control mapping analysis completed

Mapped rule-level evidence to control identifiers using component definitions and regulatory mappings.

Start: 2026-05-08 08:16:56.658719+00:00 End: 2026-05-09 08:16:56.658719+00:00

Observations (42)

Control ac-1 assessment outcome

Control ac-1 is partially-satisfied based on 20 passing and 4 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_passwords_pam_faillock_deny, accounts_passwords_pam_faillock_enabled, accounts_passwords_pam_faillock_root_unlock_time, accounts_passwords_pam_faillock_unlock_time

Control ac-11 assessment outcome

Control ac-11 is partially-satisfied based on 4 passing and 2 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_tmout

Control ac-11.1 assessment outcome

Control ac-11.1 is partially-satisfied based on 4 passing and 2 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_tmout

Control ac-12 assessment outcome

Control ac-12 is partially-satisfied based on 4 passing and 2 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_tmout

Control ac-17.1 assessment outcome

Control ac-17.1 is partially-satisfied based on 5 passing and 1 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: sshd_logging_enabled

Control ac-17.2 assessment outcome

Control ac-17.2 is partially-satisfied based on 15 passing and 3 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: sshd_use_strong_ciphers, sshd_use_strong_kex, sshd_use_strong_macs

Control ac-2 assessment outcome

Control ac-2 is partially-satisfied based on 20 passing and 4 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_passwords_pam_faillock_deny, accounts_passwords_pam_faillock_enabled, accounts_passwords_pam_faillock_root_unlock_time, accounts_passwords_pam_faillock_unlock_time

Control ac-2.1 assessment outcome

Control ac-2.1 is partially-satisfied based on 20 passing and 4 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_passwords_pam_faillock_deny, accounts_passwords_pam_faillock_enabled, accounts_passwords_pam_faillock_root_unlock_time, accounts_passwords_pam_faillock_unlock_time

Control ac-2.2 assessment outcome

Control ac-2.2 is satisfied based on 6 passing and 0 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: account_temporary_expiration_configured

Control ac-2.3 assessment outcome

Control ac-2.3 is satisfied based on 6 passing and 0 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: account_disable_inactive_accounts

Control ac-2.5 assessment outcome

Control ac-2.5 is partially-satisfied based on 4 passing and 2 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_tmout

Control ac-3 assessment outcome

Control ac-3 is partially-satisfied based on 88 passing and 20 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_pam_unix_enabled, accounts_root_gid_zero, accounts_umask_etc_bashrc, accounts_umask_etc_login_defs, accounts_umask_etc_profile, accounts_umask_root, ensure_pam_wheel_group_empty, ensure_root_access_controlled, file_groupowner_sshd_config, file_owner_sshd_config, file_permissions_sshd_config, file_permissions_sshd_private_key, file_permissions_sshd_pub_key, groups_no_zero_gid_except_root, no_invalid_shell_accounts_unlocked, no_shelllogin_for_systemaccounts, sshd_limit_user_access, use_pam_wheel_group_for_su

Control ac-5 assessment outcome

Control ac-5 is partially-satisfied based on 88 passing and 20 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_pam_unix_enabled, accounts_root_gid_zero, accounts_umask_etc_bashrc, accounts_umask_etc_login_defs, accounts_umask_etc_profile, accounts_umask_root, ensure_pam_wheel_group_empty, ensure_root_access_controlled, file_groupowner_sshd_config, file_owner_sshd_config, file_permissions_sshd_config, file_permissions_sshd_private_key, file_permissions_sshd_pub_key, groups_no_zero_gid_except_root, no_invalid_shell_accounts_unlocked, no_shelllogin_for_systemaccounts, sshd_limit_user_access, use_pam_wheel_group_for_su

Control ac-6 assessment outcome

Control ac-6 is partially-satisfied based on 88 passing and 20 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_pam_unix_enabled, accounts_root_gid_zero, accounts_umask_etc_bashrc, accounts_umask_etc_login_defs, accounts_umask_etc_profile, accounts_umask_root, ensure_pam_wheel_group_empty, ensure_root_access_controlled, file_groupowner_sshd_config, file_owner_sshd_config, file_permissions_sshd_config, file_permissions_sshd_private_key, file_permissions_sshd_pub_key, groups_no_zero_gid_except_root, no_invalid_shell_accounts_unlocked, no_shelllogin_for_systemaccounts, sshd_limit_user_access, use_pam_wheel_group_for_su

Control ac-6.1 assessment outcome

Control ac-6.1 is partially-satisfied based on 5 passing and 1 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: sudo_security_function_authorization

Control ac-6.2 assessment outcome

Control ac-6.2 is partially-satisfied based on 32 passing and 4 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: package_sudo_installed, sshd_disable_root_login, sudo_add_use_pty, sudo_remove_no_authenticate, sudo_require_authentication, sudo_require_reauthentication

Control ac-6.5 assessment outcome

Control ac-6.5 is partially-satisfied based on 32 passing and 4 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: package_sudo_installed, sshd_disable_root_login, sudo_add_use_pty, sudo_remove_no_authenticate, sudo_require_authentication, sudo_require_reauthentication

Control au-12 assessment outcome

Control au-12 is partially-satisfied based on 6 passing and 12 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: sshd_set_loglevel_info, sshd_set_max_auth_tries, sudo_custom_logfile

Control au-2 assessment outcome

Control au-2 is not-satisfied based on 0 passing and 6 failing mapped XCCDF rule evaluations across 6 assessed subjects (all rule evaluations failed).

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: sshd_set_loglevel_info

Control au-3 assessment outcome

Control au-3 is partially-satisfied based on 6 passing and 6 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: sshd_set_max_auth_tries, sudo_custom_logfile

Control au-3.1 assessment outcome

Control au-3.1 is partially-satisfied based on 6 passing and 6 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: sshd_set_max_auth_tries, sudo_custom_logfile

Control au-6.1 assessment outcome

Control au-6.1 is satisfied based on 6 passing and 0 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: log_analysis_tool_configured

Control au-7 assessment outcome

Control au-7 is partially-satisfied based on 6 passing and 12 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: sshd_set_loglevel_info, sshd_set_max_auth_tries, sudo_custom_logfile

Control cm-1 assessment outcome

Control cm-1 is partially-satisfied based on 5 passing and 1 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_warn_age_login_defs

Control cm-2 assessment outcome

Control cm-2 is partially-satisfied based on 5 passing and 1 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_warn_age_login_defs

Control cm-3.2 assessment outcome

Control cm-3.2 is partially-satisfied based on 4 passing and 2 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: change_control_documentation_required

Control cm-6 assessment outcome

Control cm-6 is partially-satisfied based on 10 passing and 2 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_warn_age_login_defs, sshd_disable_forwarding

Control cm-7 assessment outcome

Control cm-7 is partially-satisfied based on 10 passing and 2 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_warn_age_login_defs, sshd_disable_forwarding

Control cm-7.1 assessment outcome

Control cm-7.1 is partially-satisfied based on 5 passing and 1 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_warn_age_login_defs

Control cm-9 assessment outcome

Control cm-9 is partially-satisfied based on 5 passing and 1 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_warn_age_login_defs

Control ia-5 assessment outcome

Control ia-5 is partially-satisfied based on 15 passing and 3 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: sshd_use_strong_ciphers, sshd_use_strong_kex, sshd_use_strong_macs

Control ia-5.1 assessment outcome

Control ia-5.1 is partially-satisfied based on 185 passing and 25 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: account_disable_post_pw_expiration, accounts_maximum_age_login_defs, accounts_minimum_age_login_defs, accounts_password_last_change_is_in_past, accounts_password_pam_dcredit, accounts_password_pam_dictcheck, accounts_password_pam_difok, accounts_password_pam_enforce_root, accounts_password_pam_enforcing, accounts_password_pam_lcredit, accounts_password_pam_maxrepeat, accounts_password_pam_maxsequence, accounts_password_pam_minclass, accounts_password_pam_minlen, accounts_password_pam_ocredit, accounts_password_pam_pwhistory_enabled, accounts_password_pam_pwhistory_enforce_root, accounts_password_pam_pwhistory_remember, accounts_password_pam_pwhistory_use_authtok, accounts_password_pam_pwquality_enabled, accounts_password_pam_ucredit, accounts_password_pam_unix_authtok, accounts_password_pam_unix_no_remember, accounts_password_set_max_life_existing, accounts_password_set_min_life_existing, no_empty_passwords_unix, set_password_hashing_algorithm_logindefs, set_password_hashing_algorithm_systemauth, sshd_disable_empty_passwords, sshd_disable_gssapi_auth, sshd_disable_rhosts, sshd_enable_pam, sshd_use_strong_ciphers, sshd_use_strong_kex, sshd_use_strong_macs

Control mp-2 assessment outcome

Control mp-2 is partially-satisfied based on 88 passing and 20 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_pam_unix_enabled, accounts_root_gid_zero, accounts_umask_etc_bashrc, accounts_umask_etc_login_defs, accounts_umask_etc_profile, accounts_umask_root, ensure_pam_wheel_group_empty, ensure_root_access_controlled, file_groupowner_sshd_config, file_owner_sshd_config, file_permissions_sshd_config, file_permissions_sshd_private_key, file_permissions_sshd_pub_key, groups_no_zero_gid_except_root, no_invalid_shell_accounts_unlocked, no_shelllogin_for_systemaccounts, sshd_limit_user_access, use_pam_wheel_group_for_su

Control sa-10 assessment outcome

Control sa-10 is partially-satisfied based on 5 passing and 1 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_warn_age_login_defs

Control sa-3 assessment outcome

Control sa-3 is partially-satisfied based on 5 passing and 1 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_warn_age_login_defs

Control sa-8 assessment outcome

Control sa-8 is partially-satisfied based on 5 passing and 1 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_warn_age_login_defs

Control sc-28 assessment outcome

Control sc-28 is partially-satisfied based on 21 passing and 3 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_pam_pwhistory_use_authtok, accounts_password_pam_unix_authtok, set_password_hashing_algorithm_logindefs, set_password_hashing_algorithm_systemauth

Control sc-28.1 assessment outcome

Control sc-28.1 is partially-satisfied based on 21 passing and 3 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: accounts_password_pam_pwhistory_use_authtok, accounts_password_pam_unix_authtok, set_password_hashing_algorithm_logindefs, set_password_hashing_algorithm_systemauth

Control sc-8 assessment outcome

Control sc-8 is partially-satisfied based on 15 passing and 3 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: sshd_use_strong_ciphers, sshd_use_strong_kex, sshd_use_strong_macs

Control sc-8.1 assessment outcome

Control sc-8.1 is partially-satisfied based on 15 passing and 3 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: sshd_use_strong_ciphers, sshd_use_strong_kex, sshd_use_strong_macs

Control si-2.2 assessment outcome

Control si-2.2 is partially-satisfied based on 5 passing and 1 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: package_update_automation_configured

Control si-4.2 assessment outcome

Control si-4.2 is partially-satisfied based on 4 passing and 2 failing mapped XCCDF rule evaluations across 6 assessed subjects.

TEST finding Subjects: 6

Collected: 2026-05-09 08:16:56.658719+00:00

Evidence: Mapped rules: intrusion_detection_tool_installed