STIGQter: STIG Summary: Bromium Secure Platform 4.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 May 2018:

The Bromium Enterprise Controller (BEC) must be configured to permit only authorized users to remotely view, in real time (within seconds of event occurring), all content related to an established Bromium vSentry client session.

DISA Rule

SV-95151r1_rule

Vulnerability Number

V-80447

Group Title

SRG-APP-000355

Rule Version

BROM-00-000755

Severity

CAT III

CCI(s)

• CCI-001920 - The information system provides the capability for authorized users to remotely view/hear all content related to an established user session in real time.

Weight

10

Fix Recommendation

The administrator must be in a group that has a role with permissions to view Events and Threats. To give an administrator permission to view Event and Threat configured us the following threat.

1. Using the management console, navigate to "Settings".
2. Select "Roles".
3. Select the role(s) that need permission to view user sessions and activity.
4. Under the "Events" section, enable the "View Events" permission.
5. Under the "Threats" section, enable the "View Threats" permission.
6. Click "Save Changes".

Check Contents

Ask the site representative for a list of administrators who are authorized to view Bromium vSentry client activity. Verify unauthorized users are not members of groups that have been assigned roles that have the "View Events" and "View Threats" privilege.

1. From the BEC console, navigate to "Settings".
2. Select "Roles".
3. Click on each Role to see which ones have "View Events" and "View Threats" checked.
4. For the Roles which have enabled for "View Events" or "View Threats", navigate to the Groups area and check which Groups they are assigned to.
5. Navigate to "Settings" and "User Groups" to verify that users who are not on the list are not assigned to Groups with Roles that have "View Events" or "View Threats" enabled.

If the BEC is not configured to permit only authorized users to remotely view, in real time (within seconds of event occurring), all content related to an established Bromium vSentry client session, this is a finding.

Vulnerability Number

V-80447

Documentable

False

Rule Version

BROM-00-000755

Severity Override Guidance

Ask the site representative for a list of administrators who are authorized to view Bromium vSentry client activity. Verify unauthorized users are not members of groups that have been assigned roles that have the "View Events" and "View Threats" privilege.

1. From the BEC console, navigate to "Settings".
2. Select "Roles".
3. Click on each Role to see which ones have "View Events" and "View Threats" checked.
4. For the Roles which have enabled for "View Events" or "View Threats", navigate to the Groups area and check which Groups they are assigned to.
5. Navigate to "Settings" and "User Groups" to verify that users who are not on the list are not assigned to Groups with Roles that have "View Events" or "View Threats" enabled.

If the BEC is not configured to permit only authorized users to remotely view, in real time (within seconds of event occurring), all content related to an established Bromium vSentry client session, this is a finding.

Check Content Reference

M

Target Key

3375

Comments