STIGQter: STIG Summary: McAfee Application Control 8.x Security Technical Implementation Guide

Version: 1

Release: 5

Benchmark Date: 26 Jul 2019

| Name | Title |
| --- | --- |
| SV-88849r1_rule | A McAfee Application Control written policy must be documented to outline the organization-specific variables for application whitelisting. |
| SV-88869r1_rule | The Solidcore client Command Line Interface (CLI) Access Password protection process must be documented in the organizations written policy. |
| SV-88871r1_rule | The requirement for scheduled Solidcore client Command Line Interface (CLI) Access Password changes must be documented in the organizations written policy. |
| SV-88873r1_rule | The process by which the Solidcore client Command Line Interface (CLI) Access Password is made available to administrators when needed must be documented in the organizations written policy. |
| SV-88875r1_rule | The McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be confined to the organizations enclave. |
| SV-88877r1_rule | The configuration of features under McAfee Application Control Options policies Enforce feature control must be documented in the organizations written policy. |
| SV-88879r1_rule | The organizations written policy must include a process for how whitelisted applications are deemed to be allowed. |
| SV-88881r1_rule | The organizations written policy must include procedures for how often the whitelist of allowed applications is reviewed. |
| SV-88883r1_rule | The Solidcore client must be enabled. |
| SV-88885r2_rule | The Solidcore client Command Line Interface (CLI) must be in lockdown mode. |
| SV-88887r1_rule | The Solidcore client Command Line Interface (CLI) Access Password must be changed from the default. |
| SV-88889r1_rule | The organization-specific Rules policy must only include executable and dll files that are associated with applications as allowed by the organizations written policy. |
| SV-88891r2_rule | The McAfee Application Control Options Reputation setting must be configured to use the McAfee Global Threat Intelligence (McAfee GTI) option. |
| SV-88893r1_rule | The use of a Solidcore 7.x local Command Line Interface (CLI) Access Password must be documented in the organizations written policy. |
| SV-88895r1_rule | The Solidcore client Command Line Interface (CLI) Access password complexity requirements must be documented in the organizations written policy. |
| SV-88897r1_rule | The McAfee Application Control Options Reputation-Based Execution settings, if enabled, must be configured to allow Most Likely Trusted or Known Trusted only. |
| SV-88899r1_rule | The McAfee Application Control Options Advanced Threat Defense (ATD) settings must not be enabled unless an internal ATD is maintained by the organization. |
| SV-88901r1_rule | The McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to send all binaries with a reputation of Might be Trusted and below for analysis. |
| SV-88903r1_rule | The McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to only send binaries with a size of 5 MB or less. |
| SV-88905r1_rule | Organization-specific McAfee Applications Control Options policies must be created and applied to all endpoints. |
| SV-88907r1_rule | The McAfee Application Control Options policy must be configured to disable Self-Approval. |
| SV-88909r1_rule | The McAfee Application Control Options policy End User Notification, if configured by organization, must have all default variables replaced with the organization-specific data. |
| SV-88911r1_rule | The McAfee Application Control Options policies Enforce feature control memory protection must be enabled. |
| SV-88913r1_rule | Enabled features under McAfee Application Control Options policies Enforce feature control must not be configured unless documented in written policy and approved by ISSO/ISSM. |
| SV-88915r1_rule | The McAfee Application Control Options Inventory option must be configured to hide OS Files. |
| SV-88917r2_rule | The McAfee Application Control Options Inventory interval option must be configured to pull inventory from endpoints on a regular basis not to exceed seven days. |
| SV-88921r1_rule | The McAfee Applications Default Rules policy must be part of the effective rules policy applied to every endpoint. |
| SV-88923r1_rule | A copy of the McAfee Default Rules policy must be part of the effective rules policy applied to every endpoint. |
| SV-88925r1_rule | The organization-specific Rules policies must be part of the effective rules policy applied to all endpoints. |
| SV-88927r1_rule | The organization-specific Solidcore Client Policies must be created and applied to all endpoints. |
| SV-88929r1_rule | The Throttling settings must be enabled and configured to settings according to organizations requirements. |
| SV-88931r1_rule | The Solidcore Client Exception Rules must be documented in the organizations written policy. |