STIGQter STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016: Trend Deep Security must enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies.

DISA Rule

SV-80359r1_rule

Vulnerability Number

V-65869

Group Title

SRG-APP-000038

Rule Version

TMDS-00-000040

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Trend Deep Security server configuration to enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies.

Use the Computer and Group Rights panel to confer viewing, editing, deleting, Alert-dismissal, and Event tagging rights to Users in a Role. These rights can apply to all computers and computer groups or they can be restricted to only certain computers.

To restrict access, select the "Selected Computers" radio button and put a check next to the computer groups and computers that Users in this Role will have access to.

Administration >> User Management >> Roles

Select a Role and click Properties >> Computer Rights

Check Contents

Review the Trend Deep Security server configuration to ensure approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies are enforced.

Interview the ISSO in order to identify all users with permissions to the application. The ISSO must identify each user along with their assigned role configured for the appropriate information systems allowed.

Verify the information gathered against the application's, "Computer and Group Rights" for each "Role" created along with the users assigned.

If the information gathered does not match the settings within the application this is a finding.

Vulnerability Number

V-65869

Documentable

False

Rule Version

TMDS-00-000040

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies are enforced.

Interview the ISSO in order to identify all users with permissions to the application. The ISSO must identify each user along with their assigned role configured for the appropriate information systems allowed.

Verify the information gathered against the application's, "Computer and Group Rights" for each "Role" created along with the users assigned.

If the information gathered does not match the settings within the application this is a finding.

Check Content Reference

M

Target Key

2955

Comments