STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must generate audit records when successful/unsuccessful attempts to access privileges occur.

DISA Rule

SV-80369r1_rule

Vulnerability Number

V-65879

Group Title

SRG-APP-000091

Rule Version

TMDS-00-000070

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to generate audit records when successful/unsuccessful attempts to access privileges occur.

Go to Administration >> System Settings >> System Events, and set the following settings to “Record.”
660 Role Created
661 Role Deleted
662 Role Updated
663 Roles Imported
664 Roles Exported

Check Contents

Review the Trend Deep Security server configuration to ensure only the ISSM (or individuals or roles appointed by the ISSM) is allowed to select which auditable events are to be audited.

Verify the following events within the Administration >> System Settings >> System Events, are set to “Record.”
660 Role Created
661 Role Deleted
662 Role Updated
663 Roles Imported
664 Roles Exported

If these settings are not set to “Record”, this is a finding.

Vulnerability Number

V-65879

Documentable

False

Rule Version

TMDS-00-000070

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure only the ISSM (or individuals or roles appointed by the ISSM) is allowed to select which auditable events are to be audited.

Verify the following events within the Administration >> System Settings >> System Events, are set to “Record.”
660 Role Created
661 Role Deleted
662 Role Updated
663 Roles Imported
664 Roles Exported

If these settings are not set to “Record”, this is a finding.

Check Content Reference

M

Target Key

2955

Comments