STIGQter: STIG Summary: Bromium Secure Platform 4.x Security Technical Implementation Guide
Version: 1 Release: 1 Benchmark Date: 10 May 2018

The Bromium Enterprise Controller (BEC) must be configured for authorized system administrators to capture and log content related to a Bromium vSentry client.

DISA Rule

SV-95131r1_rule

Vulnerability Number

V-80427

Group Title

SRG-APP-000093

Rule Version

BROM-00-000155

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure a custom rule to view a user's activity.

Ensure host monitoring is enabled in the base or applicable delta policy.

1. From the management console, click on "Policies".
2. Select the base policy that covers all devices.
3. Within the base policy, select the "Features" tab, navigate to the "Monitoring" section, and enable "Host Monitoring".
4. Click "Save and Deploy".

Configure the Custom Rule to monitor one or more Bromium vSentry clients.

1. Click the arrow next to "Policies" and select "Monitoring Rules".
2. Click "Rule Options" and select "Create Custom Rule".
3. Create a name for the custom rule.
4. Apply the custom rule to a group.
5. Configure the applications, triggers, and any exclusions associated with the activity to be monitored.
6. Click "Save".

Check Contents

If custom rules are required, verify that monitoring rules are enabled. Custom rules may or may not be present on the BEC, depending on the site's need. Using this feature is not mandatory; the requirement is that the feature be configured so it can be used if needed.

1. From the management console, click on "Policies".
2. Select the base policy that covers all devices.
3. Within the base policy, select the "Features" tab, navigate to the "Monitoring" section, and verify that "Host Monitoring" is enabled.
4. Click on "Policies" and verify "Monitoring Rules" is checked.

If the Bromium Enterprise Controller (BEC) is not configured for authorized users to capture and log content related to a user session, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

3375
