STIGQter: STIG Summary: Bromium Secure Platform 4.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 May 2018

The Bromium Enterprise Controller (BEC) must be configured to allow authorized administrators to create organization-defined custom rules to support mission and business requirements.

DISA Rule

SV-95189r1_rule

Vulnerability Number

V-80481

Group Title

SRG-APP-000516

Rule Version

BROM-00-001310

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Create an SSP document that contains requirements for implementing Bromium vSentry policy settings and workflows for the endpoint. Bromium vSentry policy settings are accessible in the "Policy" section of the BEC. Custom monitoring rules are available in the "Monitoring Rules" section under "Policy".

1. From the management console, click on "Policies".
2. Select the base policy that covers all devices.
3. Within the base policy, select the "Features" tab, navigate to the "Monitoring" section, and enable "Host Monitoring".
4. Click "Save and Deploy".
5. Click the arrow next to "Policies" and select "Monitoring Rules".
6. Click "Rule Options" and select "Create Custom Rule".
7. Create a name for the custom rule.
8. Apply the custom rule to a group.
9. Configure the applications, triggers, and any exclusions associated with the activity to be monitored.
10. Click "Save".

Check Contents

Ask the site representative for the System Security Policy (SSP) document that includes the security policy settings required for endpoint security and monitoring. If custom monitoring rules are required, verify that monitoring rules are enabled and that custom rules are configured within the policy and applied to the appropriate devices.

1. From the management console, click on "Policies".
2. Select the base policy that covers all devices.
3. Within the base policy, select the "Features" tab, navigate to the "Monitoring" section, and verify that "Host Monitoring" is enabled.
4. Click the arrow next to "Policies" and select "Monitoring Rules".
5. Review custom rules and the device groups they are applied to. 

If the BEC is not configured for authorized users to capture and log content related to a user session, this is a finding.

If the BEC is not configured to allow authorized administrators to create organization-defined custom rules to support mission and business requirements, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3375

Comments