STIGQter: STIG Summary: McAfee Application Control 8.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The organization-specific Rules policies must be part of the effective rules policy applied to all endpoints.

DISA Rule

SV-213344r506897_rule

Vulnerability Number

V-213344

Group Title

SRG-APP-000386

Rule Version

MCAC-TE-000119

Severity

CAT II

CCI(s)

• CCI-001774 - The organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system.

Weight

10

Fix Recommendation

From the ePO server console System Tree, select the "Systems" tab.

Select "This Group and All Subgroups".
Select the asset.
Select "Actions".
Select "Agent".
Select "Modify Policies on a Single System".

From the product pull-down list, select Solidcore 8.x: Application Control.

For Windows Platforms, for the "Application Control Rules (Windows)" Category, click on "Edit Assignments" under the "Actions" column.

For MAC/Linux Platforms, for the "Application Control Rules (Unix)" Category, click on "Edit Assignments" under the "Actions" column.

Click on the "New Policy Instance" button at the bottom of the screen.

Scroll down to locate the new policy instance just created. Click on the drop-down selection box for "Assigned policy:" and choose the organization-specific policy for the system being reviewed.

If one does not exist, click "New Policy" and create a new policy based upon organization's written policy.

Click "Save".

Check Contents

From the ePO server console System Tree, select the "Systems" tab.

Select "This Group and All Subgroups".

Select the asset to be validated.

Select "Actions".

Select "Agent".

Select "Modify Policies on a Single System".

From the product pull-down list, select Solidcore 8.x: Application Control.

For Windows Platforms, select the "Application Control Rules (Windows)" Category, click on "Edit Assignments" under the "Actions" column.

For MAC/Linux Platforms,select the "Application Control Rules (Unix)" Category, click on "Edit Assignments" under the "Actions" column.

Verify that there exists at least one organization-specific Rules policy as part of the assigned policies applied to the system being reviewed.

If an organization-specific Rules policy is not part of the assigned polices applied to the system being reviewed, this is a finding.

If the only "Application Control Rules" policy applied to the system is the "McAfee Default" policy, this is a finding.

Vulnerability Number

V-213344

Documentable

False

Rule Version

MCAC-TE-000119

Severity Override Guidance

From the ePO server console System Tree, select the "Systems" tab.

Select "This Group and All Subgroups".

Select the asset to be validated.

Select "Actions".

Select "Agent".

Select "Modify Policies on a Single System".

From the product pull-down list, select Solidcore 8.x: Application Control.

For Windows Platforms, select the "Application Control Rules (Windows)" Category, click on "Edit Assignments" under the "Actions" column.

For MAC/Linux Platforms,select the "Application Control Rules (Unix)" Category, click on "Edit Assignments" under the "Actions" column.

Verify that there exists at least one organization-specific Rules policy as part of the assigned policies applied to the system being reviewed.

If an organization-specific Rules policy is not part of the assigned polices applied to the system being reviewed, this is a finding.

If the only "Application Control Rules" policy applied to the system is the "McAfee Default" policy, this is a finding.

Check Content Reference

M

Target Key

3982

Comments