V-65913 | High | Trend Deep Security must ensure users are authenticated with an individual authenticator prior to using a group authenticator. | To assure individual accountability and prevent unauthorized access, application users must be individually identified and authenticated. Individual accountability mandates that each user is... |
V-65901 | High | Trend Deep Security must use cryptographic mechanisms to protect the integrity of audit information. | Audit records may be tampered with; if the integrity of audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is... |
V-66045 | High | Trend Deep Security must reside on a Web Server configured for multifactor authentication. | Configuring the application to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-65959 | Medium | Trend Deep Security must notify SA and ISSO of account enabling actions. | Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to... |
V-65995 | Medium | Trend Deep Security detection application must detect network services that have not been authorized or approved by the organization-defined authorization or approval processes. | Unauthorized or unapproved network services lack organizational verification or validation and therefore, may be unreliable or serve as malicious rogues for valid services. This requirement can... |
V-65997 | Medium | Trend Deep Security must, when unauthorized network services are detected, log the event and alert the ISSO, ISSM, and other individuals designated by the local organization. | Unauthorized or unapproved network services lack organizational verification or validation and therefore, may be unreliable or serve as malicious rogues for valid services. The detection of such... |
V-65991 | Medium | Trend Deep Security must implement organization-defined security safeguards to protect its memory from unauthorized code execution. | Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory... |
V-65859 | Medium | Trend Deep Security must initiate a session lock after a 15-minute period of inactivity. | A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system, but does not log out because of the... |
V-65979 | Medium | Trend Deep Security must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner. | Unauthorized changes to the baseline configuration could make the system vulnerable to various attacks or allow unauthorized access to the system. Changes to information system configurations can... |
V-65951 | Medium | Trend Deep Security must notify System Administrators and Information System Security Officers when accounts are modified. | Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to... |
V-65953 | Medium | Trend Deep Security must notify System Administrators and Information System Security Officers for account disabling actions. | When application accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes themselves.... |
V-65857 | Medium | Trend Deep Security must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | Application management includes the ability to control the number of users and user sessions that utilize an application. Limiting the number of allowed users and sessions per user is helpful in... |
V-65955 | Medium | Trend Deep Security must notify System Administrators and Information System Security Officers for account removal actions. | When application accounts are removed, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes themselves.... |
V-65957 | Medium | Trend Deep Security must automatically audit account enabling actions. | Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to... |
V-65899 | Medium | Trend Deep Security must back up audit records at least every seven days onto a different system or system component than the system or component being audited. | Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on an... |
V-65919 | Medium | Trend Deep Security must enforce password complexity by requiring that at least one numeric character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in... |
V-65891 | Medium | Trend Deep Security must protect audit information from unauthorized deletion. | If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of... |
V-65893 | Medium | Trend Deep Security must protect audit tools from unauthorized access. | Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on... |
V-65895 | Medium | Trend Deep Security must protect audit tools from unauthorized modification. | Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on... |
V-65897 | Medium | Trend Deep Security must protect audit tools from unauthorized deletion. | Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on... |
V-66033 | Medium | Trend Deep Security must generate audit records for all account creations, modifications, disabling, and termination events. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
V-65933 | Medium | Trend Deep Security must restrict the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems. | DoS is a condition where a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity.... |
V-66031 | Medium | Trend Deep Security must generate audit records for all direct access to the information system. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
V-66019 | Medium | Trend Deep Security must generate audit records when successful/unsuccessful attempts to delete privileges occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
V-65993 | Medium | Trend Deep Security must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations... |
V-66035 | Medium | Trend Deep Security must generate audit records for all kernel module load, unload, and restart events, and also for all program initiations. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
V-65921 | Medium | Trend Deep Security must enforce password complexity by requiring that at least one special character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in... |
V-66017 | Medium | Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify security levels occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
V-66011 | Medium | Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify privileges occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
V-65949 | Medium | Trend Deep Security must notify System Administrators and Information System Security Officers when accounts are created. | Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to... |
V-66013 | Medium | Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify security objects occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
V-65947 | Medium | Trend Deep Security must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals. | Malicious code protection mechanisms include, but are not limited to, anti-virus and malware detection software. In order to minimize potential negative impact to the organization that can be... |
V-65945 | Medium | Trend Deep Security must be configured to perform real-time malicious code protection scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. | Malicious code protection mechanisms include, but are not limited to, anti-virus and malware detection software. In order to minimize potential negative impact to the organization that can be... |
V-65943 | Medium | Trend Deep Security must configure malicious code protection mechanisms to perform periodic scans of the information system every seven (7) days. | Malicious code protection mechanisms include, but are not limited to, anti-virus and malware detection software. In order to minimize potential negative impact to the organization that can be... |
V-65927 | Medium | Trend Deep Security must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users). | Lack of authentication and identification enables non-organizational users to gain access to the application or possibly other information systems and provides an opportunity for intruders to... |
V-65909 | Medium | Trend Deep Security must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. Organizational... |
V-65907 | Medium | Trend Deep Security must provide automated mechanisms for supporting account management functions. | Enterprise environments make application account management challenging and complex. A manual process for account management functions adds the risk of a potential oversight or other error. A... |
V-65925 | Medium | Trend Deep Security must enforce a 60-day maximum password lifetime restriction. | Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed at specific intervals. One method of minimizing this risk is to use complex passwords and... |
V-65869 | Medium | Trend Deep Security must enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies. | A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design. If information flow is not enforced based on approved authorizations,... |
V-65983 | Medium | Trend Deep Security must audit the enforcement actions used to restrict access associated with changes to the application. | Without auditing the enforcement of access restrictions against changes to the application configuration, it will be difficult to identify attempted attacks and an audit trail will not be... |
V-65981 | Medium | Trend Deep Security must enforce access restrictions associated with changes to application configuration. | Failure to provide logical access restrictions associated with changes to application configuration may have significant effects on the overall security of the system. When dealing with access... |
V-65987 | Medium | Trend Deep Security must maintain a separate execution domain for each executing process. | Applications can maintain separate execution domains for each executing process by assigning each process a separate address space. Each process has a distinct address space so that communication... |
V-65985 | Medium | Trend Deep Security must only allow the use of DoD PKI established certificate authorities for verification of the establishment of protected sessions. | Untrusted Certificate Authorities (CA) can issue certificates, but they may be issued by organizations or individuals that seek to compromise DoD systems or by organizations with insufficient... |
V-65861 | Medium | Trend Deep Security must automatically audit account creation. | Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to... |
V-65973 | Medium | Trend Deep Security must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an... |
V-65863 | Medium | Trend Deep Security must automatically audit account modification. | Once an attacker establishes initial access to a system, the attacker often attempts to create a persistent method of re-establishing access. One way to accomplish this is for the attacker to... |
V-65967 | Medium | Trend Deep Security must audit the execution of privileged functions. | Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious... |
V-65865 | Medium | Trend Deep Security must automatically audit account disabling actions. | When application accounts are disabled, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes themselves.... |
V-65867 | Medium | Trend Deep Security must automatically audit account removal actions. | When application accounts are removed, user accessibility is affected. Accounts are utilized for identifying individual application users or for identifying the application processes themselves.... |
V-65889 | Medium | Trend Deep Security must protect audit information from unauthorized modification. | If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of... |
V-65971 | Medium | Trend Deep Security must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. | If security personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for storage capacity expansion. |
V-65903 | Medium | Trend Deep Security must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must... |
V-65883 | Medium | Trend Deep Security must provide the capability for authorized users to capture, record, and log all content related to a user session. | Without the capability to capture, record, and log all content related to a user session, investigations into suspicious user activity would be hampered. This requirement does not apply to... |
V-66037 | Medium | Trend Deep Security must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly. | Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. |
V-65881 | Medium | Trend Deep Security must initiate session auditing upon startup. | If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is... |
V-65887 | Medium | Trend Deep Security must protect audit information from any type of unauthorized read access. | If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult if not impossible to achieve. In... |
V-65917 | Medium | Trend Deep Security must enforce password complexity by requiring that at least one upper-case character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in... |
V-65885 | Medium | Trend Deep Security must alert the ISSO and SA (at a minimum) in the event of an audit processing failure. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an... |
V-66025 | Medium | Trend Deep Security must generate audit records when successful/unsuccessful logon attempts occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
V-66047 | Medium | Trend Deep Security must enforce password complexity by requiring that at least one lower-case character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in... |
V-66023 | Medium | Trend Deep Security must generate audit records when successful/unsuccessful attempts to delete security objects occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
V-65977 | Medium | Trend Deep Security must prohibit user installation of software without explicit privileged status. | Allowing regular users to install software, without explicit privileges, creates the risk that untested or potentially malicious software will be installed on the system. Explicit privileges... |
V-66043 | Medium | Trend Deep Security must synchronize with Active Directory on a daily (or AO-defined) basis. | Configuring the application to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-65969 | Medium | Trend Deep Security must off-load audit records onto a different system or media than the system being audited. | Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. |
V-66027 | Medium | Trend Deep Security must generate audit records for privileged activities or other system-level access. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
V-65871 | Medium | Trend Deep Security must enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. | A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design. If information flow is not enforced based on approved authorizations,... |
V-65941 | Medium | Trend Deep Security must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. | Malicious code includes viruses, worms, Trojan horses, and spyware. The code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive.... |
V-65975 | Medium | Trend Deep Security must alert the ISSO, ISSM, and other designated personnel (deemed appropriate by the local organization) when the unauthorized installation of software is detected. | Unauthorized software not only increases risk by increasing the number of potential vulnerabilities, it also can contain malicious code. Sending an alert (in real time) when unauthorized software... |
V-66001 | Medium | Trend Deep Security must alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real-time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B. | When a security event occurs, the application that has detected the event must immediately notify the appropriate support personnel so they can respond appropriately. Alerts may be generated... |
V-66007 | Medium | Trend Deep Security must implement security safeguards when integrity violations are discovered. | Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity (e.g., tampering). Information includes metadata, such as security attributes associated... |
V-66005 | Medium | Trend Deep Security must notify the system administrator when anomalies in the operation of the security functions are discovered. | If anomalies are not acted upon, security functions may fail to secure the system. Security function is defined as the hardware, software, and/or firmware of the information system responsible... |
V-65999 | Medium | Trend Deep Security must continuously monitor inbound communications traffic for unusual or unauthorized activities or conditions. | Evidence of malicious code is used to identify potentially compromised information systems or information system components. Unusual/unauthorized activities or conditions related to information... |
V-65877 | Medium | Trend Deep Security must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured... |
V-65931 | Medium | Trend Deep Security must isolate security functions from non-security functions. | An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform security functions. Security functions are the hardware, software,... |
V-65875 | Medium | Trend Deep Security must provide audit record generation capability for DoD-defined auditable events within all application components. | Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one. Audit... |
V-65937 | Medium | Trend Deep Security must automatically update malicious code protection mechanisms. | Malicious software detection applications need to be constantly updated in order to identify new threats as they are discovered. All malicious software detection software must come with an... |
V-65873 | Medium | Trend Deep Security must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period. | By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. |
V-65935 | Medium | Trend Deep Security must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks. | DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. In the... |
V-66029 | Medium | Trend Deep Security must generate audit records when successful/unsuccessful accesses to objects occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |
V-65915 | Medium | Trend Deep Security must enforce a minimum 15-character password length. | The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the... |
V-65939 | Medium | Trend Deep Security must notify ISSO and ISSM of failed security verification tests. | If personnel are not notified of failed security verification tests, they will not be able to take corrective action and the unsecure condition(s) will remain. Security function is defined as... |
V-65905 | Medium | Trend Deep Security must scan all media used for system maintenance prior to use. | There are security-related issues arising from software brought into the information system specifically for diagnostic and repair actions (e.g., a software packet sniffer installed on a system in... |
V-65989 | Medium | Trend Deep Security must protect against or limit the effects of all types of Denial of Service (DoS) attacks by employing organization-defined security safeguards. | DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. This... |
V-65929 | Medium | Trend Deep Security must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements. | Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port... |
V-65879 | Medium | Trend Deep Security must generate audit records when successful/unsuccessful attempts to access privileges occur. | Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an... |