SV-95139r1_rule
V-80435
SRG-APP-000149
BROM-00-000300
CAT I
10
Remove all local accounts after setup. Use the Bromium system recovery process to either create another account or recover the setup account when needed.
1. Using the BEC server setup application, generate the password for the local Account of Last Resort using a FIPS 140-2 compliant password generator.
2. Configure the BEC and all BEC user accounts to leverage an external authentication server (e.g., Active Directory).
3. Upon successful configuration and connection of the BEC to the authentication server, remove the local BEC account.
In the event of a system-wide failure to connect to the authentication server, system recovery, or other organization-defined emergency:
1. Gain access to the Windows Server running BEC.
2. Run the BEC server setup application (BrBMSSettings.exe).
3. Click on "Database Settings".
4. Check the box next to "Request new administrator user".
5. Click "Save".
Remove the account once normal operations resume.
Either create a new account and password each time the account is retried or change the password each time the same account is recovered in order to comply with BROM-00-000690.
Ask the site representatives if they have developed and documented an emergency local account recovery procedure for the BEC Account of Last Resort.
Examine the BEC SSP.
If the BEC has not developed and documented an emergency local account recovery procedure for the BEC Account of Last Resort, this is a finding.
False
M
3375