STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must automatically audit account disabling actions.

DISA Rule

SV-80355r1_rule

Vulnerability Number

V-65865

Group Title

SRG-APP-000028

Rule Version

TMDS-00-000030

Severity

CAT II

CCI(s)

• CCI-001404 - The information system automatically audits account disabling actions.

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to automatically audit account disabling actions.

Enable "User Locked Out" events by selecting the following:

Administration >> System Settings >> System Events >> Enable Event ID 603 User Locked Out.

Select: Record
Select: Forward

Check Contents

Review the Trend Deep Security server configuration to ensure account disabling actions are automatically audited.

Verify "User Locked Out" events are enabled by reviewing the following:

Administration >> System Settings >> System Events >> Enable Event ID 603 User Locked Out.

Select: Record
Select: Forward

If "User Locked Out" is not enabled this is a finding.

Vulnerability Number

V-65865

Documentable

False

Rule Version

TMDS-00-000030

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure account disabling actions are automatically audited.

Verify "User Locked Out" events are enabled by reviewing the following:

Administration >> System Settings >> System Events >> Enable Event ID 603 User Locked Out.

Select: Record
Select: Forward

If "User Locked Out" is not enabled this is a finding.

Check Content Reference

M

Target Key

2955

Comments