STIGQter STIGQter: STIG Summary: McAfee Application Control 8.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The process by which the Solidcore client Command Line Interface (CLI) Access Password is made available to administrators when needed must be documented in the organizations written policy.

DISA Rule

SV-213321r506897_rule

Vulnerability Number

V-213321

Group Title

SRG-APP-000397

Rule Version

MCAC-PO-000105

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Follow the formal change and acceptance process to update the written policy to include procedures for accessing the CLI password and how the SA gains access to an approved safe in order for obtaining the password.

Check Contents

Note: The CLI Access is in lockdown mode by default when being managed by ePO. Since the CLI Access can be recovered for troubleshooting, this requirement needs to be met.

Consult with the ISSO/ISSM to obtain a copy of the organization's documented policy for application whitelisting.

The policy must contain procedures for accessing the CLI password, to include the SA gaining access to an approved safe in order for obtaining the password.

If a procedure does not exist for accessing the CLI password as described above, this is a finding.

Vulnerability Number

V-213321

Documentable

False

Rule Version

MCAC-PO-000105

Severity Override Guidance

Note: The CLI Access is in lockdown mode by default when being managed by ePO. Since the CLI Access can be recovered for troubleshooting, this requirement needs to be met.

Consult with the ISSO/ISSM to obtain a copy of the organization's documented policy for application whitelisting.

The policy must contain procedures for accessing the CLI password, to include the SA gaining access to an approved safe in order for obtaining the password.

If a procedure does not exist for accessing the CLI password as described above, this is a finding.

Check Content Reference

M

Target Key

3982

Comments