STIGQter: STIG Summary: McAfee VSEL 1.9/2.0 Managed Client Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 24 Apr 2020:

The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive all patches, service packs and updates from a DoD-managed source.

DISA Rule

SV-77555r1_rule

Vulnerability Number

V-63065

Group Title

SRG-APP-000131

Rule Version

DTAVSEL-201

Severity

CAT II

CCI(s)

CCI-001749 - The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.

Weight

Fix Recommendation

Configure the ePO server to use the DoD-controlled source repository.

Check Contents

Log into the ePO server console.

From Menu, select Configuration >> Server Settings.

From Setting Categories, select Source Sites.

Verify the DoD-controlled entry (mcafee.csd.disa.mil) for source repositories is present.

If the DoD-controlled entry for source sites is not present, this is a finding.

Note: If this is a disconnected network, this requirement can be met via the use of a manual distribution. The process must be documented and meet the requirements for frequency as defined in this document.

Note: If the ePO server is outside of the .mil address space (such as, .edu, .gov, etc.), connection to the DoD-controlled servers for updates will not be possible. In this case, updates from the vendor are acceptable and this check should be marked NA.

The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive all patches, service packs and updates from a DoD-managed source.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments