McAfee Application Control 7.x Security Technical Implementation Guide


Overview

Date: 2018-01-03
Finding Count (32): CAT I (High): 2, CAT II (Med): 30, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-74211 High The Solidcore client Command Line Interface (CLI) must be in lockdown mode.
V-74213 High The Solidcore client Command Line Interface (CLI) Access Password must be changed from the default.
V-74225 Medium The McAfee Application Control Options Advanced Threat Defense (ATD) settings must not be enabled unless an internal ATD is maintained by the organization.
V-74227 Medium The McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to send all binaries with a reputation of Might be Trusted and below for analysis.
V-74221 Medium The Solidcore client Command Line Interface (CLI) Access password complexity requirements must be documented in the organization's written policy.
V-74223 Medium The McAfee Application Control Options Reputation-Based Execution settings, if enabled, must be configured to allow Most Likely Trusted or Known Trusted only.
V-74219 Medium The use of a Solidcore 7.x local Command Line Interface (CLI) Access Password must be documented in the organization's written policy.
V-74229 Medium The McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to only send binaries with a size of 5 MB or less.
V-74247 Medium The McAfee Applications Default Rules policy must be part of the effective rules policy applied to every endpoint.
V-74209 Medium The Solidcore client must be enabled.
V-74243 Medium The McAfee Application Control Options Inventory interval option must be configured to pull inventory from endpoints on a regular basis not to exceed seven days.
V-74241 Medium The McAfee Application Control Options Inventory option must be configured to hide OS Files.
V-74203 Medium The configuration of features under McAfee Application Control Options policies Enforce feature control must be documented in the organization's written policy.
V-74201 Medium The McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be confined to the organization's enclave.
V-74207 Medium The organization's written policy must include procedures for how often the whitelist of allowed applications is reviewed.
V-74205 Medium The organization's written policy must include a process for how whitelisted applications are deemed to be allowed.
V-74249 Medium A copy of the McAfee Default Rules policy must be part of the effective rules policy applied to every endpoint.
V-74233 Medium The McAfee Application Control Options policy must be configured to disable Self-Approval.
V-74231 Medium Organization-specific McAfee Applications Control Options policies must be created and applied to all endpoints.
V-74237 Medium The McAfee Application Control Options policies Enforce feature control memory protection must be enabled.
V-74235 Medium The McAfee Application Control Options policy End User Notification, if configured by organization, must have all default variables replaced with the organization-specific data.
V-74239 Medium Enabled features under McAfee Application Control Options policies Enforce feature control must not be configured unless documented in written policy and approved by ISSO/ISSM.
V-74175 Medium A McAfee Application Control written policy must be documented to outline the organization-specific variables for application whitelisting.
V-74255 Medium The Throttling settings must be enabled and configured to settings according to the organization's requirements.
V-74199 Medium The process by which the Solidcore client Command Line Interface (CLI) Access Password is made available to administrators when needed must be documented in the organization's written policy.
V-74257 Medium The Solidcore Client Exception Rules must be documented in the organization's written policy.
V-74251 Medium The organization-specific Rules policies must be part of the effective rules policy applied to all endpoints.
V-74253 Medium The organization-specific Solidcore Client Policies must be created and applied to all endpoints.
V-74197 Medium The requirement for scheduled Solidcore client Command Line Interface (CLI) Access Password changes must be documented in the organization's written policy.
V-74215 Medium The organization-specific Rules policy must only include executable and dll files that are associated with applications as allowed by the organization's written policy.
V-74195 Medium The Solidcore client Command Line Interface (CLI) Access Password protection process must be documented in the organization's written policy.
V-74217 Medium The McAfee Application Control Options Reputation setting must be configured to use the McAfee Global Threat Intelligence (McAfee GTI) option.