STIGQter: STIG Summary: McAfee MOVE Agentless 3.6.1 Security Virtual Appliance STIG Version: 1 Release: 5 Benchmark Date: 28 Oct 2016: For any path or file exclusions configured in the McAfee MOVE AV Agentless Scan policy, those exclusions must be formally documented by the System Administrator and approved by the IAO/IAM.

DISA Rule

SV-61741r2_rule

Vulnerability Number

V-48863

Group Title

AV-MOVE-SVA-113-McAfee MOVE scan file exclusions

Rule Version

AV-MOVE-SVA-113

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page.

From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column.

In the "Exclusions" tab, remove any entries from the "Path and File Exclusion:" list that have not been documented by the System Administrator and approved by the IAO/IAM.

Click on Save.

Check Contents

From the ePO server console System Tree, select "My Organization". Select the Systems tab. To show all systems in the System Tree, select "This Group and All Subgroups" from the "Preset:" drop-down list. From the list of systems, locate the asset representing the McAfee MOVE Security Virtual Appliance (SVA). Click on the system to open the System Information page.

Click on Actions | Agent | Modify Policies on a Single System.

From the "Product:" drop-down list, select "MOVE AV [Agentless] 3.6.1". Locate "Scan" under the "Category" column and select the policy corresponding to it, found under the "Policy" column.

In the "Exclusions" tab, verify the "Path and File Exclusion:" does not have any entry other than the default "**\McAfee\Common Framework\".

If any entries other than the default "**\McAfee\Common Framework\" do exist, verify those exclusions have been formally documented by the System Administrator and approved by the ISSO/ISSM.

If there are entries in the "Path and File Exclusion:" other than the default "**\McAfee\Common Framework\" and those exclusions have not been formally documented by the System Administrator and approved by the ISSO/ISSM, this is a finding.

If the "Path and File Exclusion:" has been populated with any exclusions other than the default, and those exclusions have been formally documented by the System Administrator and approved by the ISSO/ISSM, this is not a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Responsibility

Information Assurance Manager

Target Key

2578

Comments