STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

McAfee Application Control 7.x Security Technical Implementation Guide

  • Version: V1R4
  • Benchmark ID: McAfee_Application_Control_7-x_STIG
  • Total Checks: 33
  • Tags: application
  • CAT I: 3, CAT II: 30, CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Checks (33)

  • V-74175 (MEDIUM): A McAfee Application Control written policy must be documented to outline the organization-specific variables for application whitelisting.
  • V-74195 (MEDIUM): The Solidcore client Command Line Interface (CLI) Access Password protection process must be documented in the organizations written policy.
  • V-74197 (MEDIUM): The requirement for scheduled Solidcore client Command Line Interface (CLI) Access Password changes must be documented in the organizations written policy.
  • V-74199 (MEDIUM): The process by which the Solidcore client Command Line Interface (CLI) Access Password is made available to administrators when needed must be documented in the organizations written policy.
  • V-74201 (MEDIUM): The McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be confined to the organizations enclave.
  • V-74203 (MEDIUM): The configuration of features under McAfee Application Control Options policies Enforce feature control must be documented in the organizations written policy.
  • V-74205 (MEDIUM): The organizations written policy must include a process for how whitelisted applications are deemed to be allowed.
  • V-74207 (MEDIUM): The organizations written policy must include procedures for how often the whitelist of allowed applications is reviewed.
  • V-74209 (MEDIUM): The Solidcore client must be enabled.
  • V-74211 (HIGH): The Solidcore client Command Line Interface (CLI) must be in lockdown mode.
  • V-74213 (HIGH): The Solidcore client Command Line Interface (CLI) Access Password must be changed from the default.
  • V-74215 (MEDIUM): The organization-specific Rules policy must only include executable and dll files that are associated with applications as allowed by the organizations written policy.
  • V-74217 (MEDIUM): The McAfee Application Control Options Reputation setting must be configured to use the McAfee Global Threat Intelligence (McAfee GTI) option.
  • V-74219 (MEDIUM): The use of a Solidcore 7.x local Command Line Interface (CLI) Access Password must be documented in the organizations written policy.
  • V-74221 (MEDIUM): The Solidcore client Command Line Interface (CLI) Access password complexity requirements must be documented in the organizations written policy.
  • V-74223 (MEDIUM): The McAfee Application Control Options Reputation-Based Execution settings, if enabled, must be configured to allow Most Likely Trusted or Known Trusted only.
  • V-74225 (MEDIUM): The McAfee Application Control Options Advanced Threat Defense (ATD) settings must not be enabled unless an internal ATD is maintained by the organization.
  • V-74227 (MEDIUM): The McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to send all binaries with a reputation of Might be Trusted and below for analysis.
  • V-74229 (MEDIUM): The McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to only send binaries with a size of 5 MB or less.
  • V-74231 (MEDIUM): Organization-specific McAfee Applications Control Options policies must be created and applied to all endpoints.
  • V-74233 (MEDIUM): The McAfee Application Control Options policy must be configured to disable Self-Approval.
  • V-74235 (MEDIUM): The McAfee Application Control Options policy End User Notification, if configured by organization, must have all default variables replaced with the organization-specific data.
  • V-74237 (MEDIUM): The McAfee Application Control Options policies Enforce feature control memory protection must be enabled.
  • V-74239 (MEDIUM): Enabled features under McAfee Application Control Options policies Enforce feature control must not be configured unless documented in written policy and approved by ISSO/ISSM.
  • V-74241 (MEDIUM): The McAfee Application Control Options Inventory option must be configured to hide OS Files.
  • V-74243 (MEDIUM): The McAfee Application Control Options Inventory interval option must be configured to pull inventory from endpoints on a regular basis not to exceed seven days.
  • V-74247 (MEDIUM): The McAfee Applications Default Rules policy must be part of the effective rules policy applied to every endpoint.
  • V-74249 (MEDIUM): A copy of the McAfee Default Rules policy must be part of the effective rules policy applied to every endpoint.
  • V-74251 (MEDIUM): The organization-specific Rules policies must be part of the effective rules policy applied to all endpoints.
  • V-74253 (MEDIUM): The organization-specific Solidcore Client Policies must be created and applied to all endpoints.
  • V-74255 (MEDIUM): The Throttling settings must be enabled and configured to settings according to organizations requirements.
  • V-74257 (MEDIUM): The Solidcore Client Exception Rules must be documented in the organizations written policy.
  • V-74258 (HIGH): The version of McAfee Application Control running on the system must be a supported version.