STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must isolate security functions from non-security functions.

DISA Rule

SV-80421r1_rule

Vulnerability Number

V-65931

Group Title

SRG-APP-000233

Rule Version

TMDS-00-000180

Severity

CAT II

CCI(s)

• CCI-001084 - The information system isolates security functions from nonsecurity functions.

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to isolate security functions from non-security functions.

Configure role-based access controls for least privileged accounts within the Administration >> User management >> Roles.

Check Contents

Review the Trend Deep Security server configuration to ensure security functions are isolated from non-security functions.

In order to restrict access to security functions through the use of access control mechanisms, least privilege capabilities must be enforced within the Deep Security, “User management” settings.

If role-based access controls are not enforced within the Administration >> User management >> Roles, this is a finding.

Vulnerability Number

V-65931

Documentable

False

Rule Version

TMDS-00-000180

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure security functions are isolated from non-security functions.

In order to restrict access to security functions through the use of access control mechanisms, least privilege capabilities must be enforced within the Deep Security, “User management” settings.

If role-based access controls are not enforced within the Administration >> User management >> Roles, this is a finding.

Check Content Reference

M

Target Key

2955

Comments