STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

DISA Rule

SV-80361r1_rule

Vulnerability Number

V-65871

Group Title

SRG-APP-000039

Rule Version

TMDS-00-000045

Severity

CAT II

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Use the Computer and Group Rights panel to confer viewing, editing, deleting, Alert-dismissal, and Event tagging rights to Users in a Role. These rights can apply to all computers and computer groups or they can be restricted to only certain computers.

To restrict access, select the "Selected Computers" radio button and put a check next to the computer groups and computers that Users in this Role will have access to.

Administration >> User Management >> Roles

Select a Role and click Properties >> Computer Rights

Check Contents

Review the Trend Deep Security server to ensure approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies are enforced.

Interview the ISSO in order to identify all users with permissions to the application. The ISSO must identify each user along with their assigned role configured for the appropriate information systems allowed.

Verify the information gathered against the application's, "Computer and Group Rights" for each "Role" created along with the users assigned.

If the information gathered does not match the settings within the application this is a finding.

Vulnerability Number

V-65871

Documentable

False

Rule Version

TMDS-00-000045

Severity Override Guidance

Review the Trend Deep Security server to ensure approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies are enforced.

Interview the ISSO in order to identify all users with permissions to the application. The ISSO must identify each user along with their assigned role configured for the appropriate information systems allowed.

Verify the information gathered against the application's, "Computer and Group Rights" for each "Role" created along with the users assigned.

If the information gathered does not match the settings within the application this is a finding.

Check Content Reference

M

Target Key

2955

Comments