STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must automatically audit account removal actions.

DISA Rule

SV-80357r1_rule

Vulnerability Number

V-65867

Group Title

SRG-APP-000029

Rule Version

TMDS-00-000035

Severity

CAT II

CCI(s)

• CCI-001405 - The information system automatically audits account removal actions.

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to automatically audit account removal actions.

Enable "User Deleted" events by selecting the following:

Administration >> System Settings >> System Events >> Enable Event ID 651 User Deleted.

Select: Record
Select: Forward

Check Contents

Review the Trend Deep Security server configuration to ensure account removal actions are automatically audited.

Verify "User Deleted" events are enabled by reviewing the following:

Administration >> System Settings >> System Events >> Enable Event ID 651 User Deleted.

Select: Record
Select: Forward

If "User Deleted" is not enabled this is a finding.

Vulnerability Number

V-65867

Documentable

False

Rule Version

TMDS-00-000035

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure account removal actions are automatically audited.

Verify "User Deleted" events are enabled by reviewing the following:

Administration >> System Settings >> System Events >> Enable Event ID 651 User Deleted.

Select: Record
Select: Forward

If "User Deleted" is not enabled this is a finding.

Check Content Reference

M

Target Key

2955

Comments