STIGQter: STIG Summary: Bromium Secure Platform 4.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 May 2018:

The Bromium vSentry client must include exceptions for HBSS to ensure interoperability and protect from attacks on critical files, applications, processes, registry settings, and attempts at executing unauthorized code in memory.

DISA Rule

SV-95171r1_rule

Vulnerability Number

V-80467

Group Title

SRG-APP-000450

Rule Version

BROM-00-001085

Severity

CAT II

CCI(s)

CCI-002824 - The information system implements organization-defined security safeguards to protect its memory from unauthorized code execution.

Weight

Fix Recommendation

Refer to the Bromium Secure Platform Deployment Guide at https://documentation.bromium.com/4_0/Deployment%20Guide/Bromium_Secure_Platform_Deployment_Guide_4_0_Update_3.pdf for detailed instructions on creating exceptions for HBSS.

Obtain approval from the ISSM or other approving authority for exceptions to HBSS.

Check Contents

Inspect the HBSS configuration policy to verify exceptions for the Bromium directory and related settings.

If the endpoint running Bromium vSentry does include exceptions for HBSS ensure interoperability, this is a finding.

Vulnerability Number

V-80467

Documentable

False

Rule Version

BROM-00-001085

Severity Override Guidance

Check Content Reference

Target Key

3375

The Bromium vSentry client must include exceptions for HBSS to ensure interoperability and protect from attacks on critical files, applications, processes, registry settings, and attempts at executing unauthorized code in memory.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments