| V-213327 | | The Solidcore client Command Line Interface (CLI) must be in lockdown mode. | By default, when an endpoint's Solidcore installation is managed by the ePO server, the CLI will automatically be in lockdown mode. This will ensure t... |
| V-213328 | | The Solidcore client Command Line Interface (CLI) Access Password must be changed from the default. | The Solidcore client can be configured locally at the CLI, but only when accessed with the required password. Since the Trellix Application Control c... |
| V-213316 | | A Trellix Application Control written policy must be documented to outline the organization-specific variables for application whitelisting. | Enabling application whitelisting without adequate design and organization-specific requirements will either result in an implementation which is too ... |
| V-213317 | | The use of a Solidcore 8.x local Command Line Interface (CLI) Access Password must be documented in the organization's written policy. | The Solidcore client can be configured locally at the CLI, but only when accessed with the required password. Since the Trellix Application Control c... |
| V-213318 | | The Solidcore client Command Line Interface (CLI) Access password complexity requirements must be documented in the organization's written policy. | The Solidcore client can be configured locally at the CLI, but only when accessed with the required password. The misuse of the CLI would open the sy... |
| V-213319 | | The Solidcore client Command Line Interface (CLI) Access Password protection process must be documented in the organization's written policy. | The Solidcore client can be configured locally at the CLI, but only when accessed with the required password. Since the Trellix Application Control c... |
| V-213320 | | The requirement for scheduled Solidcore client Command Line Interface (CLI) Access Password changes must be documented in the organization's written policy. | The Solidcore client can be configured locally at the CLI, but only when accessed with the required password. The misuse of the CLI would open the sy... |
| V-213321 | | The process by which the Solidcore client Command Line Interface (CLI) Access Password is made available to administrators when needed must be documented in the organization's written policy. | The Solidcore client can be configured locally at the CLI, but only when accessed with the required password. Since the Trellix Application Control c... |
| V-213322 | | The Trellix Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be confined to the organization's enclave. | Data will be leaving the endpoint to be analyzed by the ATD. Because data could feasibly be intercepted en route, risk of outside threats is minimized... |
| V-213323 | | The configuration of features under Trellix Application Control Options policies Enforce feature control must be documented in the organization's written policy. | By default, the Trellix Application Control prevents installation of ActiveX controls on endpoints, enforces memory protection techniques on endpoints... |
| V-213324 | | The organization's written policy must include a process for how whitelisted applications are deemed to be allowed. | Enabling application whitelisting without adequate design and organization-specific requirements will either result in an implementation which is too ... |
| V-213325 | | The organization's written policy must include procedures for how often the whitelist of allowed applications is reviewed. | Enabling application whitelisting without adequate design and organization-specific requirements will either result in an implementation which is too ... |
| V-213326 | | The Solidcore client must be enabled. | The Application Control whitelisting must be enabled on all workstation endpoints. To enable Application Control, the Solidcore client needs to be in ... |
| V-213329 | | The organization-specific Rules policy must only include executable and dll files that are associated with applications as allowed by the organization's written policy. | To ensure Solidcore clients are only configured to STIG and organization-specific settings, organization-specific ePO policies must be applied to all ... |
| V-213330 | | The Trellix Application Control Options Reputation setting must be configured to use the Trellix Global Threat Intelligence (Trellix GTI) option. | If a Threat Intelligence Exchange (TIE) server is being used in the organization, reputation for files and certificates is fetched from the TIE server... |
| V-213331 | | The Trellix Application Control Options Reputation-Based Execution settings, if enabled, must be configured to allow Most Likely Trusted or Known Trusted only. | When a file is executed on an endpoint, the Application Control performs multiple checks to determine whether to allow or ban the execution. Only file... |
| V-213332 | | The Trellix Application Control Options Advanced Threat Defense (ATD) settings must not be enabled unless an internal ATD is maintained by the organization. | This option will automatically send files with a specific file reputation to ATD for further analysis. This option is not selected by default and must... |
| V-213333 | | The Trellix Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to send all binaries with a reputation of Might be Trusted and below for analysis. | When the file reputation of "Might be Trusted" is configured for being forwarded to ATD, all files with the reputation of "Might be Trusted", "Unknown... |
| V-213334 | | The Trellix Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to only send binaries with a size of 5MB or less. | Since binaries can be large, the file size must be limited to avoid congestion on the network and degradation on the endpoint when sending the binarie... |
| V-213336 | | The Trellix Application Control Options policy must be configured to disable Self-Approval. | The Trellix Application Control Self-Approval feature allows the user to take an action when a user tries to run a new or unknown application.... |
| V-213337 | | The Trellix Application Control Options policy End User Notification, if configured by organization, must have all default variables replaced with the organization-specific data. | The "User Message" option will show a dialog box when an event is detected and display the organization-specified text in the message.... |
| V-213338 | | The Trellix Application Control Options policies Enforce feature control memory protection must be enabled. | By default, the Trellix Application Control prevents installation of ActiveX controls on endpoints, enforces memory protection techniques on endpoints... |
| V-213339 | | Enabled features under Trellix Application Control Options policies Enforce feature control must not be configured unless documented in written policy and approved by ISSO/ISSM. | By default, the Trellix Application Control prevents installation of ActiveX controls on endpoints, enforces memory protection techniques on endpoints... |
| V-213340 | | The Trellix Application Control Options Inventory option must be configured to hide OS Files. | By default, the Windows operating system files are excluded from the inventory. By selecting this option, the overwhelming the inventory with legitima... |
| V-213341 | | The Trellix Application Control Options Inventory interval option must be configured to pull inventory from endpoints on a regular basis not to exceed seven days. | When Trellix Application Control is deployed on a system, it creates a whitelist of all executable binaries and scripts present on the system. The whi... |
| V-213342 | | The Trellix Applications Default Rules policy must be part of the effective rules policy applied to every endpoint. | To ensure Solidcore clients are only configured to STIG and organization-specific settings, organization-specific ePO policies must be applied to all ... |
| V-213343 | | A copy of the Trellix Default Rules policy must be part of the effective rules policy applied to every endpoint. | To ensure Solidcore clients are only configured to STIG and organization-specific settings, organization-specific ePO policies must be applied to a... |
| V-213344 | | The organization-specific Rules policies must be part of the effective rules policy applied to all endpoints. | To ensure Solidcore clients are only configured to STIG and organization-specific settings, organization-specific ePO policies must be applied to a... |
| V-213345 | | The organization-specific Solidcore Client Policies must be created and applied to all endpoints. | Trellix Application Control is deployed with default policies. To ensure the default policies are not used and that an organization knowingly configur... |
| V-213346 | | The Throttling settings must be enabled and configured to settings according to the organization's requirements. | The throttling settings regulate the data flow between the clients and Trellix ePO. The value for each category defines the number of entries that wil... |
| V-213347 | | The Solidcore Client Exception Rules must be documented in the organization's written policy. | When exceptions are created for applications, it results in potential attack vectors. As such, exceptions should only be created with a full approval ... |