STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Trellix Application Control 8.x Security Technical Implementation Guide

V-213323

CAT II (Medium)

The configuration of features under Trellix Application Control Options policies Enforce feature control must be documented in the organizations written policy.

Rule ID

SV-213323r961479_rule

STIG

Trellix Application Control 8.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-001774

Discussion

By default, the Trellix Application Control prevents installation of ActiveX controls on endpoints, enforces memory protection techniques on endpoints, and prevents MSI-installers from running on endpoints. The Feature Control allows for those safeguards to be bypassed and in doing so renders the Trellix Application Control less effective.

Check Content

Consult with the ISSO/ISSM to obtain a copy of the organization's documented policy for application whitelisting.

Review the written policy for how the Solidcore client interface is used by the organization.

Verify the written policy identifies whether additional features are enabled or not under "Enforce feature control" of the Trellix Application Control Options ePO policy.

If the written policy does not identify whether additional features are enabled or not under "Enforce feature control" of the Trellix Application Control Options ePO policy, this is a finding.

Fix Text

Follow the formal change and acceptance process to document any features needing to be enabled.