
Trend Micro Deep Security 9.x Security Technical Implementation Guide


Overview

Date: 2016-02-26
Finding Count: 85 (CAT I (High): 3, CAT II (Medium): 82, CAT III (Low): 0)
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-65913 High Trend Deep Security must ensure users are authenticated with an individual authenticator prior to using a group authenticator.
V-65901 High Trend Deep Security must use cryptographic mechanisms to protect the integrity of audit information.
V-66045 High Trend Deep Security must reside on a Web Server configured for multifactor authentication.
V-65959 Medium Trend Deep Security must notify SA and ISSO of account enabling actions.
V-65995 Medium Trend Deep Security detection application must detect network services that have not been authorized or approved by the organization-defined authorization or approval processes.
V-65997 Medium Trend Deep Security must, when unauthorized network services are detected, log the event and alert the ISSO, ISSM, and other individuals designated by the local organization.
V-65991 Medium Trend Deep Security must implement organization-defined security safeguards to protect its memory from unauthorized code execution.
V-65859 Medium Trend Deep Security must initiate a session lock after a 15-minute period of inactivity.
V-65979 Medium Trend Deep Security must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner.
V-65951 Medium Trend Deep Security must notify System Administrators and Information System Security Officers when accounts are modified.
V-65953 Medium Trend Deep Security must notify System Administrators and Information System Security Officers for account disabling actions.
V-65857 Medium Trend Deep Security must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.
V-65955 Medium Trend Deep Security must notify System Administrators and Information System Security Officers for account removal actions.
V-65957 Medium Trend Deep Security must automatically audit account enabling actions.
V-65899 Medium Trend Deep Security must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
V-65919 Medium Trend Deep Security must enforce password complexity by requiring that at least one numeric character be used.
V-65891 Medium Trend Deep Security must protect audit information from unauthorized deletion.
V-65893 Medium Trend Deep Security must protect audit tools from unauthorized access.
V-65895 Medium Trend Deep Security must protect audit tools from unauthorized modification.
V-65897 Medium Trend Deep Security must protect audit tools from unauthorized deletion.
V-66033 Medium Trend Deep Security must generate audit records for all account creations, modifications, disabling, and termination events.
V-65933 Medium Trend Deep Security must restrict the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems.
V-66031 Medium Trend Deep Security must generate audit records for all direct access to the information system.
V-66019 Medium Trend Deep Security must generate audit records when successful/unsuccessful attempts to delete privileges occur.
V-65993 Medium Trend Deep Security must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
V-66035 Medium Trend Deep Security must generate audit records for all kernel module load, unload, and restart events, and also for all program initiations.
V-65921 Medium Trend Deep Security must enforce password complexity by requiring that at least one special character be used.
V-66017 Medium Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify security levels occur.
V-66011 Medium Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify privileges occur.
V-65949 Medium Trend Deep Security must notify System Administrators and Information System Security Officers when accounts are created.
V-66013 Medium Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify security objects occur.
V-65947 Medium Trend Deep Security must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals.
V-65945 Medium Trend Deep Security must be configured to perform real-time malicious code protection scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.
V-65943 Medium Trend Deep Security must configure malicious code protection mechanisms to perform periodic scans of the information system every seven (7) days.
V-65927 Medium Trend Deep Security must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
V-65909 Medium Trend Deep Security must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
V-65907 Medium Trend Deep Security must provide automated mechanisms for supporting account management functions.
V-65925 Medium Trend Deep Security must enforce a 60-day maximum password lifetime restriction.
V-65869 Medium Trend Deep Security must enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies.
V-65983 Medium Trend Deep Security must audit the enforcement actions used to restrict access associated with changes to the application.
V-65981 Medium Trend Deep Security must enforce access restrictions associated with changes to application configuration.
V-65987 Medium Trend Deep Security must maintain a separate execution domain for each executing process.
V-65985 Medium Trend Deep Security must only allow the use of DoD PKI established certificate authorities for verification of the establishment of protected sessions.
V-65861 Medium Trend Deep Security must automatically audit account creation.
V-65973 Medium Trend Deep Security must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
V-65863 Medium Trend Deep Security must automatically audit account modification.
V-65967 Medium Trend Deep Security must audit the execution of privileged functions.
V-65865 Medium Trend Deep Security must automatically audit account disabling actions.
V-65867 Medium Trend Deep Security must automatically audit account removal actions.
V-65889 Medium Trend Deep Security must protect audit information from unauthorized modification.
V-65971 Medium Trend Deep Security must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
V-65903 Medium Trend Deep Security must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
V-65883 Medium Trend Deep Security must provide the capability for authorized users to capture, record, and log all content related to a user session.
V-66037 Medium Trend Deep Security must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly.
V-65881 Medium Trend Deep Security must initiate session auditing upon startup.
V-65887 Medium Trend Deep Security must protect audit information from any type of unauthorized read access.
V-65917 Medium Trend Deep Security must enforce password complexity by requiring that at least one upper-case character be used.
V-65885 Medium Trend Deep Security must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
V-66025 Medium Trend Deep Security must generate audit records when successful/unsuccessful logon attempts occur.
V-66047 Medium Trend Deep Security must enforce password complexity by requiring that at least one lower-case character be used.
V-66023 Medium Trend Deep Security must generate audit records when successful/unsuccessful attempts to delete security objects occur.
V-65977 Medium Trend Deep Security must prohibit user installation of software without explicit privileged status.
V-66043 Medium Trend Deep Security must synchronize with Active Directory on a daily (or AO-defined) basis.
V-65969 Medium Trend Deep Security must off-load audit records onto a different system or media than the system being audited.
V-66027 Medium Trend Deep Security must generate audit records for privileged activities or other system-level access.
V-65871 Medium Trend Deep Security must enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.
V-65941 Medium Trend Deep Security must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.
V-65975 Medium Trend Deep Security must alert the ISSO, ISSM, and other designated personnel (deemed appropriate by the local organization) when the unauthorized installation of software is detected.
V-66001 Medium Trend Deep Security must alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real-time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B.
V-66007 Medium Trend Deep Security must implement security safeguards when integrity violations are discovered.
V-66005 Medium Trend Deep Security must notify the system administrator when anomalies in the operation of the security functions are discovered.
V-65999 Medium Trend Deep Security must continuously monitor inbound communications traffic for unusual or unauthorized activities or conditions.
V-65877 Medium Trend Deep Security must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
V-65931 Medium Trend Deep Security must isolate security functions from non-security functions.
V-65875 Medium Trend Deep Security must provide audit record generation capability for DoD-defined auditable events within all application components.
V-65937 Medium Trend Deep Security must automatically update malicious code protection mechanisms.
V-65873 Medium Trend Deep Security must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
V-65935 Medium Trend Deep Security must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.
V-66029 Medium Trend Deep Security must generate audit records when successful/unsuccessful accesses to objects occur.
V-65915 Medium Trend Deep Security must enforce a minimum 15-character password length.
V-65939 Medium Trend Deep Security must notify ISSO and ISSM of failed security verification tests.
V-65905 Medium Trend Deep Security must scan all media used for system maintenance prior to use.
V-65989 Medium Trend Deep Security must protect against or limit the effects of all types of Denial of Service (DoS) attacks by employing organization-defined security safeguards.
V-65929 Medium Trend Deep Security must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.
V-65879 Medium Trend Deep Security must generate audit records when successful/unsuccessful attempts to access privileges occur.