SV-95165r1_rule
V-80461
SRG-APP-000378
BROM-00-000865
CAT II
10
Isolate the execution and installation of untrusted and unauthorized applications within a micro-virtual machine (VM):
1. From the management console, navigate to "Policies".
2. Create or modify a base and/or delta policy used for analyzing executables (e.g., "SOC Mode").
3. Add parameter "mimehandler.executable.open" with a value of "1" to enable the isolation of untrusted executables.
4. Add parameter "LAVA.ExecutableVMVisible" with a value of "0" to conceal the untrusted executable from the user's view.
5. Add parameter "LAVA.ExecutableVMTime" with a value (in seconds) for the desired time that the executable should run for the purposes of analysis (e.g., "300").
6. For clients that are allowed to install software, verify a separate delta policy exists for these clients. This will override the base policy for these specific devices only (e.g., management workstations used by the system administrators).
Inspect the base and delta policy on the Bromium Enterprise Controller (BEC) that is responsible for the analysis of executables.
1. From the management console, navigate to "Policies".
2. Inspect the base and all delta policies used for analyzing executables (e.g., "SOC Mode").
3. Verify parameter "mimehandler.executable.open" has a value of "1".
4. Verify parameter "LAVA.ExecutableVMVisible" has a value of "0".
5. Verify parameter "LAVA.ExecutableVMTime" has a value (in seconds) for the desired time that the executable should run for the purposes of analysis (e.g., "300").
6. For clients that are allowed to install software, verify a separate delta policy exists for these clients. This will override the base policy for these specific devices only (e.g., management workstations used by the system administrators).
If Bromium vSentry does not prohibit user installation of software without explicit privileged status, this is a finding.
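The check above can be scripted once the policies are available as data. This is an added example, not Bromium's own tooling: it assumes each policy is a plain dictionary of parameter names to string values (the controller's export format is not described here), and the group names and delta contents are constructed.

```python
# Added example: audit an effective policy against the three parameter checks above.
# ASSUMPTION: each policy is a plain dict of parameter name -> string value; the
# Bromium Enterprise Controller's real export format is not described on the page.
REQUIRED = {"mimehandler.executable.open": "1", "LAVA.ExecutableVMVisible": "0"}
TIME_PARAM = "LAVA.ExecutableVMTime"


def effective_policy(base, delta=None):
    """A delta policy overrides the base policy for the devices it applies to."""
    merged = dict(base)
    merged.update(delta or {})
    return merged


def audit(policy):
    """Return a list of findings for one effective policy (empty list = compliant)."""
    findings = []
    for name, want in REQUIRED.items():
        got = policy.get(name)
        if got is None:
            findings.append(f"{name}: not set, expected {want!r}")
        elif str(got).strip() != want:
            findings.append(f"{name}: is {got!r}, expected {want!r}")
    try:
        seconds = int(str(policy.get(TIME_PARAM)).strip())
    except ValueError:
        seconds = 0  # missing or non-numeric run time
    if seconds <= 0:
        findings.append(f"{TIME_PARAM}: needs a positive run time in seconds")
    return findings


def audit_group(base, delta=None, install_allowed=False):
    """Step 6: clients allowed to install software need their own delta policy."""
    if install_allowed:
        return [] if delta else ["no separate delta policy for install-allowed clients"]
    return audit(effective_policy(base, delta))


# Constructed sample policies (hypothetical group names and delta contents).
BASE = {"mimehandler.executable.open": "1", "LAVA.ExecutableVMVisible": "0",
        "LAVA.ExecutableVMTime": "300"}
GROUPS = {
    "soc-mode": (None, False),
    "kiosk": ({"LAVA.ExecutableVMVisible": "1"}, False),  # delta weakens the base
    "admin-workstations": ({"mimehandler.executable.open": "0"}, True),
    "helpdesk": (None, True),                             # missing delta
}

if __name__ == "__main__":
    for group, (delta, allowed) in GROUPS.items():
        print(group, audit_group(BASE, delta, allowed) or "ok")
```

Auditing the merged result rather than the base alone catches a delta policy that silently reverses a compliant base setting for a group of ordinary clients.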