STIGQter STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016: Trend Deep Security must audit the enforcement actions used to restrict access associated with changes to the application.

DISA Rule

SV-80473r1_rule

Vulnerability Number

V-65983

Group Title

SRG-APP-000381

Rule Version

TMDS-00-000300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to audit the enforcement actions used to restrict access associated with changes to the application.

To configure the application to captured the events identified by the ISSO, go to the Administration >> System Settings >> System Events tab.

Enable all applicable policies with “Record” and “Forward.”

Check Contents

Review the Trend Deep Security server configuration to ensure the enforcement actions used to restrict access associated with changes to the application are audited.

System Events include changes to the configuration of an Agent/Appliance, the Deep Security Manager, or Users. They also include errors that may occur during normal operation of the Trend Deep Security system.

To ensure the necessary events are captured, verify the Administration >> System Settings >> System Events, against the local policy established by the ISSO.

If the settings configured do not match local policy, this is a finding.

Vulnerability Number

V-65983

Documentable

False

Rule Version

TMDS-00-000300

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure the enforcement actions used to restrict access associated with changes to the application are audited.

System Events include changes to the configuration of an Agent/Appliance, the Deep Security Manager, or Users. They also include errors that may occur during normal operation of the Trend Deep Security system.

To ensure the necessary events are captured, verify the Administration >> System Settings >> System Events, against the local policy established by the ISSO.

If the settings configured do not match local policy, this is a finding.

Check Content Reference

M

Target Key

2955

Comments