STIGQter: STIG Summary: McAfee Application Control 8.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Solidcore client Command Line Interface (CLI) Access password complexity requirements must be documented in the organizations written policy.

DISA Rule

SV-213318r506897_rule

Vulnerability Number

V-213318

Group Title

SRG-APP-000169

Rule Version

MCAC-PO-000102

Severity

CAT II

CCI(s)

• CCI-001619 - The information system enforces password complexity by the minimum number of special characters used.

Weight

10

Fix Recommendation

Follow the formal change and acceptance process to update the written policy with the CLI password complexity requirements.

Check Contents

Note: The CLI Access is in lockdown mode by default when being managed by ePO. Since the CLI Access can be recovered for troubleshooting, this requirement needs to be met.

Since the Solidcore CLI does not allow for technical enforcement of password complexity the enforcement will be via this written policy directive.

Consult with the ISSO/ISSM to obtain a copy of the organization's documented policy for application whitelisting.

Review the written policy for CLI password complexity requirements.

Verify the policy requires the password to be 15 characters in length and contain a mix of at least one lower-case, one upper-case, one number, and one special character.

If the written policy does not document the requirement for password complexity and/or does not specify the password must be 15 characters in length and contain a mix of at least one lower-case, one upper-case, one number, and one special character, this is a finding.

Vulnerability Number

V-213318

Documentable

False

Rule Version

MCAC-PO-000102

Severity Override Guidance

Note: The CLI Access is in lockdown mode by default when being managed by ePO. Since the CLI Access can be recovered for troubleshooting, this requirement needs to be met.

Since the Solidcore CLI does not allow for technical enforcement of password complexity the enforcement will be via this written policy directive.

Consult with the ISSO/ISSM to obtain a copy of the organization's documented policy for application whitelisting.

Review the written policy for CLI password complexity requirements.

Verify the policy requires the password to be 15 characters in length and contain a mix of at least one lower-case, one upper-case, one number, and one special character.

If the written policy does not document the requirement for password complexity and/or does not specify the password must be 15 characters in length and contain a mix of at least one lower-case, one upper-case, one number, and one special character, this is a finding.

Check Content Reference

M

Target Key

3982

Comments