| Checked | Name | Title |
|---|
| ☐ | SV-80347r1_rule | Trend Deep Security must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. |
| ☐ | SV-80349r1_rule | Trend Deep Security must initiate a session lock after a 15-minute period of inactivity. |
| ☐ | SV-80351r1_rule | Trend Deep Security must automatically audit account creation. |
| ☐ | SV-80353r1_rule | Trend Deep Security must automatically audit account modification. |
| ☐ | SV-80355r1_rule | Trend Deep Security must automatically audit account disabling actions. |
| ☐ | SV-80357r1_rule | Trend Deep Security must automatically audit account removal actions. |
| ☐ | SV-80359r1_rule | Trend Deep Security must enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies. |
| ☐ | SV-80361r1_rule | Trend Deep Security must enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. |
| ☐ | SV-80363r1_rule | Trend Deep Security must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period. |
| ☐ | SV-80365r1_rule | Trend Deep Security must provide audit record generation capability for DoD-defined auditable events within all application components. |
| ☐ | SV-80367r1_rule | Trend Deep Security must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. |
| ☐ | SV-80369r1_rule | Trend Deep Security must generate audit records when successful/unsuccessful attempts to access privileges occur. |
| ☐ | SV-80371r1_rule | Trend Deep Security must initiate session auditing upon startup. |
| ☐ | SV-80373r1_rule | Trend Deep Security must provide the capability for authorized users to capture, record, and log all content related to a user session. |
| ☐ | SV-80375r1_rule | Trend Deep Security must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. |
| ☐ | SV-80377r1_rule | Trend Deep Security must protect audit information from any type of unauthorized read access. |
| ☐ | SV-80379r1_rule | Trend Deep Security must protect audit information from unauthorized modification. |
| ☐ | SV-80381r1_rule | Trend Deep Security must protect audit information from unauthorized deletion. |
| ☐ | SV-80383r1_rule | Trend Deep Security must protect audit tools from unauthorized access. |
| ☐ | SV-80385r1_rule | Trend Deep Security must protect audit tools from unauthorized modification. |
| ☐ | SV-80387r1_rule | Trend Deep Security must protect audit tools from unauthorized deletion. |
| ☐ | SV-80389r1_rule | Trend Deep Security must back up audit records at least every seven days onto a different system or system component than the system or component being audited. |
| ☐ | SV-80391r1_rule | Trend Deep Security must use cryptographic mechanisms to protect the integrity of audit information. |
| ☐ | SV-80393r1_rule | Trend Deep Security must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. |
| ☐ | SV-80395r1_rule | Trend Deep Security must scan all media used for system maintenance prior to use. |
| ☐ | SV-80397r1_rule | Trend Deep Security must provide automated mechanisms for supporting account management functions. |
| ☐ | SV-80399r1_rule | Trend Deep Security must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). |
| ☐ | SV-80403r1_rule | Trend Deep Security must ensure users are authenticated with an individual authenticator prior to using a group authenticator. |
| ☐ | SV-80405r1_rule | Trend Deep Security must enforce a minimum 15-character password length. |
| ☐ | SV-80407r1_rule | Trend Deep Security must enforce password complexity by requiring that at least one upper-case character be used. |
| ☐ | SV-80409r1_rule | Trend Deep Security must enforce password complexity by requiring that at least one numeric character be used. |
| ☐ | SV-80411r1_rule | Trend Deep Security must enforce password complexity by requiring that at least one special character be used. |
| ☐ | SV-80415r1_rule | Trend Deep Security must enforce a 60-day maximum password lifetime restriction. |
| ☐ | SV-80417r1_rule | Trend Deep Security must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users). |
| ☐ | SV-80419r1_rule | Trend Deep Security must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements. |
| ☐ | SV-80421r1_rule | Trend Deep Security must isolate security functions from non-security functions. |
| ☐ | SV-80423r1_rule | Trend Deep Security must restrict the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems. |
| ☐ | SV-80425r1_rule | Trend Deep Security must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks. |
| ☐ | SV-80427r1_rule | Trend Deep Security must automatically update malicious code protection mechanisms. |
| ☐ | SV-80429r1_rule | Trend Deep Security must notify ISSO and ISSM of failed security verification tests. |
| ☐ | SV-80431r1_rule | Trend Deep Security must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. |
| ☐ | SV-80433r1_rule | Trend Deep Security must configure malicious code protection mechanisms to perform periodic scans of the information system every seven (7) days. |
| ☐ | SV-80435r1_rule | Trend Deep Security must be configured to perform real-time malicious code protection scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. |
| ☐ | SV-80437r1_rule | Trend Deep Security must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals. |
| ☐ | SV-80439r1_rule | Trend Deep Security must notify System Administrators and Information System Security Officers when accounts are created. |
| ☐ | SV-80441r1_rule | Trend Deep Security must notify System Administrators and Information System Security Officers when accounts are modified. |
| ☐ | SV-80443r1_rule | Trend Deep Security must notify System Administrators and Information System Security Officers for account disabling actions. |
| ☐ | SV-80445r1_rule | Trend Deep Security must notify System Administrators and Information System Security Officers for account removal actions. |
| ☐ | SV-80447r1_rule | Trend Deep Security must automatically audit account enabling actions. |
| ☐ | SV-80449r1_rule | Trend Deep Security must notify SA and ISSO of account enabling actions. |
| ☐ | SV-80457r1_rule | Trend Deep Security must audit the execution of privileged functions. |
| ☐ | SV-80459r1_rule | Trend Deep Security must off-load audit records onto a different system or media than the system being audited. |
| ☐ | SV-80461r1_rule | Trend Deep Security must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. |
| ☐ | SV-80463r1_rule | Trend Deep Security must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts. |
| ☐ | SV-80465r1_rule | Trend Deep Security must alert the ISSO, ISSM, and other designated personnel (deemed appropriate by the local organization) when the unauthorized installation of software is detected. |
| ☐ | SV-80467r1_rule | Trend Deep Security must prohibit user installation of software without explicit privileged status. |
| ☐ | SV-80469r1_rule | Trend Deep Security must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner. |
| ☐ | SV-80471r1_rule | Trend Deep Security must enforce access restrictions associated with changes to application configuration. |
| ☐ | SV-80473r1_rule | Trend Deep Security must audit the enforcement actions used to restrict access associated with changes to the application. |
| ☐ | SV-80475r1_rule | Trend Deep Security must only allow the use of DoD PKI established certificate authorities for verification of the establishment of protected sessions. |
| ☐ | SV-80477r1_rule | Trend Deep Security must maintain a separate execution domain for each executing process. |
| ☐ | SV-80479r1_rule | Trend Deep Security must protect against or limit the effects of all types of Denial of Service (DoS) attacks by employing organization-defined security safeguards. |
| ☐ | SV-80481r1_rule | Trend Deep Security must implement organization-defined security safeguards to protect its memory from unauthorized code execution. |
| ☐ | SV-80483r1_rule | Trend Deep Security must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). |
| ☐ | SV-80485r1_rule | Trend Deep Security detection application must detect network services that have not been authorized or approved by the organization-defined authorization or approval processes. |
| ☐ | SV-80487r1_rule | Trend Deep Security must, when unauthorized network services are detected, log the event and alert the ISSO, ISSM, and other individuals designated by the local organization. |
| ☐ | SV-80489r1_rule | Trend Deep Security must continuously monitor inbound communications traffic for unusual or unauthorized activities or conditions. |
| ☐ | SV-80491r1_rule | Trend Deep Security must alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real-time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B. |
| ☐ | SV-80495r1_rule | Trend Deep Security must notify the system administrator when anomalies in the operation of the security functions are discovered. |
| ☐ | SV-80497r1_rule | Trend Deep Security must implement security safeguards when integrity violations are discovered. |
| ☐ | SV-80501r1_rule | Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify privileges occur. |
| ☐ | SV-80503r1_rule | Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify security objects occur. |
| ☐ | SV-80507r1_rule | Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify security levels occur. |
| ☐ | SV-80509r1_rule | Trend Deep Security must generate audit records when successful/unsuccessful attempts to delete privileges occur. |
| ☐ | SV-80513r1_rule | Trend Deep Security must generate audit records when successful/unsuccessful attempts to delete security objects occur. |
| ☐ | SV-80515r1_rule | Trend Deep Security must generate audit records when successful/unsuccessful logon attempts occur. |
| ☐ | SV-80517r1_rule | Trend Deep Security must generate audit records for privileged activities or other system-level access. |
| ☐ | SV-80519r1_rule | Trend Deep Security must generate audit records when successful/unsuccessful accesses to objects occur. |
| ☐ | SV-80521r1_rule | Trend Deep Security must generate audit records for all direct access to the information system. |
| ☐ | SV-80523r1_rule | Trend Deep Security must generate audit records for all account creations, modifications, disabling, and termination events. |
| ☐ | SV-80525r1_rule | Trend Deep Security must generate audit records for all kernel module load, unload, and restart events and, also for all program initiations. |
| ☐ | SV-80527r1_rule | Trend Deep Security must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly. |
| ☐ | SV-80533r1_rule | Trend Deep Security must synchronize with Active Directory on a daily (or AO-defined) basis. |
| ☐ | SV-80535r1_rule | Trend Deep Security must reside on a Web Server configured for multifactor authentication. |
| ☐ | SV-80537r1_rule | Trend Deep Security must enforce password complexity by requiring that at least one lower-case character be used. |
STIGQter: STIG Summary: