STIGQter: STIG Summary: Bromium Secure Platform 4.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 May 2018:

The Bromium Enterprise Controller (BEC) must be configured so that organization-identified administrator roles have permission to change, based on selectable criteria, the types of Bromium vSentry client events that are captured in the events log and stored in the SQL database with immediate effect.

DISA Rule

SV-95149r1_rule

Vulnerability Number

V-80445

Group Title

SRG-APP-000353

Rule Version

BROM-00-000740

Severity

CAT III

CCI(s)

• CCI-001914 - The information system provides the capability for organization-defined individuals or roles to change the auditing to be performed on organization-defined information system components based on organization-defined selectable event criteria within organization-defined time thresholds.

Weight

10

Fix Recommendation

The logging level is changed by selecting the "Manageability" level. Groups/roles that have permission to edit policies are allowed to change log event criteria.

1. Using the management console, navigate to "Policies".
2. Select the site's default policy.
3. Navigate to the "Manageability" tab.
4. Select the desired logging level. The default setting is "Event" (e.g., Debug, Trace, Event, Warning). DoD requires a setting of "Event" in the default policy.
5. Click "Save and Deploy".

Check Contents

Review each role and verify that at least one role has the "Edit Policies" privilege. Also verify that not all roles have the "Edit Policies" permission.

1. Using the management console, navigate to "Settings" and click on "Roles".
2. Inspect each role to ensure that the "Edit Policies" permission is enabled/disabled for the appropriate roles (e.g., the site's read-only role must not have permission to edit policies).

Inspect the default policy to ensure that the proper log level has been selected.

1. Select the site's default policy.
2. Navigate to the "Manageability" tab.
3. Verify "Events" log level is selected.

If the BEC is not configured for organization-identified roles that have permission to change, based on selectable criteria, the types of endpoint events that are captured in the Event log and stored in the SQL database, this is a finding.

Vulnerability Number

V-80445

Documentable

False

Rule Version

BROM-00-000740

Severity Override Guidance

Review each role and verify that at least one role has the "Edit Policies" privilege. Also verify that not all roles have the "Edit Policies" permission.

1. Using the management console, navigate to "Settings" and click on "Roles".
2. Inspect each role to ensure that the "Edit Policies" permission is enabled/disabled for the appropriate roles (e.g., the site's read-only role must not have permission to edit policies).

Inspect the default policy to ensure that the proper log level has been selected.

1. Select the site's default policy.
2. Navigate to the "Manageability" tab.
3. Verify "Events" log level is selected.

If the BEC is not configured for organization-identified roles that have permission to change, based on selectable criteria, the types of endpoint events that are captured in the Event log and stored in the SQL database, this is a finding.

Check Content Reference

M

Target Key

3375

Comments