STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must audit the execution of privileged functions.

DISA Rule

SV-80457r1_rule

Vulnerability Number

V-65967

Group Title

SRG-APP-000343

Rule Version

TMDS-00-000255

Severity

CAT II

CCI(s)

• CCI-002234 - The information system audits the execution of privileged functions.

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to audit the execution of privileged functions.

Enable the necessary privileged functions by selecting “Record” and “Forward” within the Administration >> System Settings >> System Events tab.

Check Contents

Review the Trend Deep Security server to ensure the execution of privileged functions are audited.

Interview the ISSO for a list of functions identified as privileged within the application “System Events.” Privileged functions within the system events will include but are not limited to: Computer Created, Computer Deleted, User Added, etc.).

Verify the list against the Administration >> System Settings >> System Events tab.

If the events are not to Record and Forward, this is a finding.

Vulnerability Number

V-65967

Documentable

False

Rule Version

TMDS-00-000255

Severity Override Guidance

Review the Trend Deep Security server to ensure the execution of privileged functions are audited.

Interview the ISSO for a list of functions identified as privileged within the application “System Events.” Privileged functions within the system events will include but are not limited to: Computer Created, Computer Deleted, User Added, etc.).

Verify the list against the Administration >> System Settings >> System Events tab.

If the events are not to Record and Forward, this is a finding.

Check Content Reference

M

Target Key

2955

Comments