| Checked | Name | Title |
|---|
| ☐ | SV-95127r1_rule | The Bromium Enterprise Controller (BEC) must set the number of concurrent sessions to 1. |
| ☐ | SV-95129r1_rule | The Bromium Enterprise Controller (BEC) lockout_delay_base in the settings.json file must be set to a minimum of 10 and the lockout_delay_scale must be set to 1 at a minimum. |
| ☐ | SV-95131r1_rule | The Bromium Enterprise Controller (BEC) must be configured for authorized system administrators to capture and log content related to a Bromium vSentry client. |
| ☐ | SV-95133r1_rule | The Bromium Enterprise Controller (BEC) must generate a log record that can be sent to the central log server, which will alert the system administrator (SA) and Information System Security Officer (ISSO), at a minimum, when a Bromium vSentry client has not connected to the BEC for logging or policy update purposes for an organization-defined time period. |
| ☐ | SV-95135r1_rule | The Bromium Enterprise Controller (BEC) must protect the BEC Web Console from unauthorized access. |
| ☐ | SV-95137r1_rule | The Bromium Enterprise Controller (BEC) must protect BEC Web console from unauthorized modification. |
| ☐ | SV-95139r1_rule | The Bromium Enterprise Controller (BEC) must remove all local Bromium accounts after setup is complete and use the account recovery procedures to recover the local account if network access using the Bromium Account of Last Resort is required. |
| ☐ | SV-95141r1_rule | The Bromium vSentry client must automatically terminate a micro-virtual machine (VM) when any malicious activities are detected within the micro-VM. |
| ☐ | SV-95143r1_rule | The Bromium vSentry client must automatically capture and forward payloads (Malware Manifest) that were downloaded and determined to be malicious to the management console. |
| ☐ | SV-95145r1_rule | The Bromium Enterprise Controller (BEC) must be configured to immediately disconnect or disable remote access to the BEC. |
| ☐ | SV-95147r1_rule | The Bromium Enterprise Controller (BEC) must change the password for the Account of Last Resort when an individual with knowledge of the password leaves the group. |
| ☐ | SV-95149r1_rule | The Bromium Enterprise Controller (BEC) must be configured so that organization-identified administrator roles have permission to change, based on selectable criteria, the types of Bromium vSentry client events that are captured in the events log and stored in the SQL database with immediate effect. |
| ☐ | SV-95151r1_rule | The Bromium Enterprise Controller (BEC) must be configured to permit only authorized users to remotely view, in real time (within seconds of event occurring), all content related to an established Bromium vSentry client session. |
| ☐ | SV-95153r1_rule | The Bromium Enterprise Controller (BEC) must send log records to a central log server (i.e., syslog server). |
| ☐ | SV-95155r1_rule | The Bromium Enterprise Controller (BEC) must send history.log records to a central log server (i.e., syslog server). |
| ☐ | SV-95157r1_rule | The Bromium Enterprise Controller (BEC) must manage log record storage capacity so history.log does not exceed physical drive space capacity allocated by the database administrator (DBA) and system administrator. |
| ☐ | SV-95159r1_rule | The Bromium Enterprise Controller (BEC) must generate a log record that can be sent to the central log server, which will alert the system administrator (SA) and Information System Security Officer (ISSO), at a minimum, when it is unable to connect to the SQL database. |
| ☐ | SV-95161r1_rule | The Bromium Enterprise Controller (BEC) must be configured to provide report generation that supports on-demand reporting requirements for threat events. |
| ☐ | SV-95163r1_rule | The Bromium Enterprise Controller (BEC) must be configured to provide report generation that supports after-the-fact investigations of security incidents. |
| ☐ | SV-95165r1_rule | The Bromium vSentry client must prohibit user installation of software except for clients that are explicitly approved by the ISSM or other authorizing official. |
| ☐ | SV-95167r1_rule | The Bromium Enterprise Controller (BEC) Update Interval must be set to a maximum of one hour. |
| ☐ | SV-95169r1_rule | If the Host Based Security System (HBSS) is not installed to monitor the Bromium Enterprise Controller (BEC) application, processes, and registry settings, the Bromium Protection agent must be installed on the BEC server. |
| ☐ | SV-95171r1_rule | The Bromium vSentry client must include exceptions for HBSS to ensure interoperability and protect from attacks on critical files, applications, processes, registry settings, and attempts at executing unauthorized code in memory. |
| ☐ | SV-95173r1_rule | The Bromium Enterprise Controller (BEC) must have the base policy Logging Level set to Debug. |
| ☐ | SV-95175r1_rule | The Bromium monitoring module installed on the Bromium Enterprise Controller (BEC) or Bromium vSentry must generate an event and forward to the central log server when anomalies in the operation of security functions of the BEC or Bromium vSentry application are discovered. |
| ☐ | SV-95187r1_rule | The Bromium Enterprise Controller (BEC) must forward an event to the central log server when isolation is disabled on any protected Bromium vSentry client. |
| ☐ | SV-95189r1_rule | The Bromium Enterprise Controller (BEC) must be configured to allow authorized administrators to create organization-defined custom rules to support mission and business requirements. |
| ☐ | SV-95191r1_rule | The Bromium Enterprise Controller (BEC) must have Threat Intelligence lookup disabled. |
STIGQter: STIG Summary: