STIGQter: STIG Summary: McAfee MOVE AV Agentless 4.5 Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 11 Dec 2017:

The admin password for the McAfee MOVE AV Agentless Security Virtual Machine (SVM) must be changed from the default.

DISA Rule

SV-93167r1_rule

Vulnerability Number

V-78461

Group Title

MV45-GEN-200002

Rule Version

MV45-GEN-200002

Severity

CAT I

CCI(s)

• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

10

Fix Recommendation

If the McAfee SVM was deployed manually, physically log into the McAfee SVM and change the password from the default.

If the McAfee SVM was deployed with VMware vCNS or VMWare NSX, access the McAfee ePO console.

From the Menu, select Automation >> MOVE AntiVirus Deployment.

Under General >> General Configuration >> SVM Configuration (Agentless Only), populate the "Password" with a unique password. Confirm the password.

Click "Save".

Check Contents

If the McAfee SVM was deployed manually, physically log into the McAfee SVM and confirm password has been changed from default.

If the password has not been changed from the default, this is a finding.

If the McAfee SVM was deployed with VMware vCNS or VMWare NSX, access the McAfee ePO console.

From the Menu, select Automation >> MOVE AntiVirus Deployment.

Under General >> General Configuration >> SVM Configuration (Agentless Only), verify the "Password" shows as configured. It will be masked.

Verify with the System Administrator that the password has been changed from the default password.

If "Password" does not show as configured and has not been changed from the default password, this is a finding.

Vulnerability Number

V-78461

Documentable

False

Rule Version

MV45-GEN-200002

Severity Override Guidance

If the McAfee SVM was deployed manually, physically log into the McAfee SVM and confirm password has been changed from default.

If the password has not been changed from the default, this is a finding.

If the McAfee SVM was deployed with VMware vCNS or VMWare NSX, access the McAfee ePO console.

From the Menu, select Automation >> MOVE AntiVirus Deployment.

Under General >> General Configuration >> SVM Configuration (Agentless Only), verify the "Password" shows as configured. It will be masked.

Verify with the System Administrator that the password has been changed from the default password.

If "Password" does not show as configured and has not been changed from the default password, this is a finding.

Check Content Reference

M

Target Key

3227

Comments