
Trend Micro Deep Security 9.x Security Technical Implementation Guide

Version: V2R1
Release Date: Dec 1, 2023
SCAP Benchmark ID: Trend_Micro_Deep_Security_9-x_STIG
Total Checks: 85
Tags: other
CAT I: 4 | CAT II: 81 | CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.


Checks (85)

V-241108 | MEDIUM | Trend Deep Security must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.
V-241109 | MEDIUM | Trend Deep Security must initiate a session lock after a 15-minute period of inactivity.
V-241110 | MEDIUM | Trend Deep Security must provide automated mechanisms for supporting account management functions.
V-241111 | MEDIUM | Trend Deep Security must automatically audit account creation.
V-241112 | MEDIUM | Trend Deep Security must automatically audit account modification.
V-241113 | MEDIUM | Trend Deep Security must automatically audit account disabling actions.
V-241114 | MEDIUM | Trend Deep Security must automatically audit account removal actions.
V-241115 | MEDIUM | Trend Deep Security must enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies.
V-241116 | MEDIUM | Trend Deep Security must enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.
V-241117 | MEDIUM | Trend Deep Security must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period.
V-241118 | MEDIUM | Trend Deep Security must scan all media used for system maintenance prior to use.
V-241119 | MEDIUM | Trend Deep Security must provide audit record generation capability for DoD-defined auditable events within all application components.
V-241120 | MEDIUM | Trend Deep Security must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
V-241121 | MEDIUM | Trend Deep Security must generate audit records when successful/unsuccessful attempts to access privileges occur.
V-241122 | MEDIUM | Trend Deep Security must initiate session auditing upon startup.
V-241123 | MEDIUM | Trend Deep Security must alert the ISSO and SA (at a minimum) in the event of an audit processing failure.
V-241124 | MEDIUM | Trend Deep Security must protect audit information from any type of unauthorized read access.
V-241125 | MEDIUM | Trend Deep Security must protect audit information from unauthorized modification.
V-241126 | MEDIUM | Trend Deep Security must protect audit information from unauthorized deletion.
V-241127 | MEDIUM | Trend Deep Security must protect audit tools from unauthorized access.
V-241128 | MEDIUM | Trend Deep Security must protect audit tools from unauthorized modification.
V-241129 | MEDIUM | Trend Deep Security must protect audit tools from unauthorized deletion.
V-241130 | MEDIUM | Trend Deep Security must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
V-241131 | HIGH | Trend Deep Security must use cryptographic mechanisms to protect the integrity of audit information.
V-241132 | MEDIUM | Trend Deep Security must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
V-241133 | MEDIUM | Trend Deep Security must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
V-241134 | MEDIUM | Trend Deep Security must enforce a minimum 15-character password length.
V-241135 | MEDIUM | Trend Deep Security must enforce password complexity by requiring that at least one upper-case character be used.
V-241136 | MEDIUM | Trend Deep Security must enforce password complexity by requiring that at least one lower-case character be used.
V-241137 | MEDIUM | Trend Deep Security must enforce password complexity by requiring that at least one numeric character be used.
V-241138 | MEDIUM | Trend Deep Security must enforce password complexity by requiring that at least one special character be used.
V-241139 | MEDIUM | Trend Deep Security must enforce a 60-day maximum password lifetime restriction.
V-241140 | MEDIUM | Trend Deep Security must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
V-241141 | MEDIUM | Trend Deep Security must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity; and for user sessions (non-privileged session), the session must be terminated after 15 minutes of inactivity, except to fulfill documented and validated mission requirements.
V-241142 | MEDIUM | Trend Deep Security must isolate security functions from non-security functions.
V-241143 | MEDIUM | Trend Deep Security must restrict the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems.
V-241144 | MEDIUM | Trend Deep Security must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.
V-241145 | MEDIUM | Trend Deep Security must automatically update malicious code protection mechanisms.
V-241146 | MEDIUM | Trend Deep Security must notify ISSO and ISSM of failed security verification tests.
V-241147 | MEDIUM | Trend Deep Security must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.
V-241148 | MEDIUM | Trend Deep Security must configure malicious code protection mechanisms to perform periodic scans of the information system every seven (7) days.
V-241149 | MEDIUM | Trend Deep Security must be configured to perform real-time malicious code protection scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.
V-241150 | MEDIUM | Trend Deep Security must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals.
V-241151 | MEDIUM | Trend Deep Security must notify System Administrators and Information System Security Officers when accounts are created.
V-241152 | MEDIUM | Trend Deep Security must notify System Administrators and Information System Security Officers when accounts are modified.
V-241153 | MEDIUM | Trend Deep Security must notify System Administrators and Information System Security Officers for account disabling actions.
V-241154 | MEDIUM | Trend Deep Security must notify System Administrators and Information System Security Officers for account removal actions.
V-241155 | MEDIUM | Trend Deep Security must automatically audit account enabling actions.
V-241156 | MEDIUM | Trend Deep Security must notify SA and ISSO of account enabling actions.
V-241157 | MEDIUM | Trend Deep Security must audit the execution of privileged functions.
V-241158 | MEDIUM | Trend Deep Security must off-load audit records onto a different system or media than the system being audited.
V-241159 | MEDIUM | Trend Deep Security must provide an immediate warning to the SA and ISSO (at a minimum) when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
V-241160 | MEDIUM | Trend Deep Security must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events requiring real-time alerts.
V-241161 | MEDIUM | Trend Deep Security must alert the ISSO, ISSM, and other designated personnel (deemed appropriate by the local organization) when the unauthorized installation of software is detected.
V-241162 | MEDIUM | Trend Deep Security must prohibit user installation of software without explicit privileged status.
V-241163 | MEDIUM | Trend Deep Security must implement organization-defined automated security responses if baseline configurations are changed in an unauthorized manner.
V-241164 | MEDIUM | Trend Deep Security must enforce access restrictions associated with changes to application configuration.
V-241165 | MEDIUM | Trend Deep Security must audit the enforcement actions used to restrict access associated with changes to the application.
V-241166 | MEDIUM | Trend Deep Security must only allow the use of DoD PKI established certificate authorities for verification of the establishment of protected sessions.
V-241167 | MEDIUM | Trend Deep Security must maintain a separate execution domain for each executing process.
V-241168 | MEDIUM | Trend Deep Security must protect against or limit the effects of all types of Denial of Service (DoS) attacks by employing organization-defined security safeguards.
V-241169 | MEDIUM | Trend Deep Security must implement organization-defined security safeguards to protect its memory from unauthorized code execution.
V-241170 | MEDIUM | Trend Deep Security must install security-relevant software updates within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
V-241171 | MEDIUM | Trend Deep Security detection application must detect network services that have not been authorized or approved by the organization-defined authorization or approval processes.
V-241172 | MEDIUM | Trend Deep Security must, when unauthorized network services are detected, log the event and alert the ISSO, ISSM, and other individuals designated by the local organization.
V-241173 | MEDIUM | Trend Deep Security must continuously monitor inbound communications traffic for unusual or unauthorized activities or conditions.
V-241174 | MEDIUM | Trend Deep Security must alert the ISSO, ISSM, and other individuals designated by the local organization when the following Indicators of Compromise (IOCs) or potential compromise are detected: real-time intrusion detection; threats identified by authoritative sources (e.g., CTOs); and Category I, II, IV, and VII incidents in accordance with CJCSM 6510.01B.
V-241175 | MEDIUM | Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify privileges occur.
V-241176 | MEDIUM | Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify security objects occur.
V-241177 | MEDIUM | Trend Deep Security must generate audit records when successful/unsuccessful attempts to modify security levels occur.
V-241178 | MEDIUM | Trend Deep Security must generate audit records when successful/unsuccessful attempts to delete privileges occur.
V-241179 | MEDIUM | Trend Deep Security must generate audit records when successful/unsuccessful attempts to delete security objects occur.
V-241180 | MEDIUM | Trend Deep Security must generate audit records when successful/unsuccessful logon attempts occur.
V-241181 | MEDIUM | Trend Deep Security must generate audit records for privileged activities or other system-level access.
V-241182 | MEDIUM | Trend Deep Security must generate audit records when successful/unsuccessful accesses to objects occur.
V-241183 | MEDIUM | Trend Deep Security must generate audit records for all direct access to the information system.
V-241184 | MEDIUM | Trend Deep Security must generate audit records for all account creations, modifications, disabling, and termination events.
V-241185 | MEDIUM | Trend Deep Security must generate audit records for all kernel module load, unload, and restart events and, also for all program initiations.
V-241186 | MEDIUM | Trend Deep Security must, at a minimum, off-load interconnected systems in real time and off-load standalone systems weekly.
V-241187 | MEDIUM | Trend Deep Security must notify the system administrator when anomalies in the operation of the security functions are discovered.
V-241188 | MEDIUM | Trend Deep Security must implement security safeguards when integrity violations are discovered.
V-241189 | MEDIUM | Trend Deep Security must synchronize with Active Directory on a daily (or AO-defined) basis.
V-241190 | HIGH | Trend Deep Security must reside on a Web Server configured for multifactor authentication.
V-241191 | HIGH | Trend Deep Security must ensure users are authenticated with an individual authenticator prior to using a group authenticator.
V-259713 | HIGH | The version of Trend Deep Security running on the system must be a supported version.