Bromium Secure Platform 4.x STIG Version 1, Release 1 Checklist Details (Checklist Revisions)
The Bromium Secure Platform 4.x Security Technical Implementation Guide (STIG) provides the technical security policies, requirements, and implementation details for applying security concepts to the Bromium Secure Platform 4.0. This document provides requirements to secure the functionality of both the Bromium Enterprise Controller (BEC) installed on a Windows server and the Bromium vSentry client installed on an endpoint. The Bromium Threat Cloud Service is out of scope for this STIG.
The Bromium Secure Platform provides virtualization-based application isolation and containment for endpoint protection. Each application is run in a micro-virtual machine (micro-VM) that provides containment for malicious code, malware, and threats. The product does not prevent installation of an unauthorized application but rather allows it to be installed in a micro-VM and run in isolation. This isolation allows the product to collect threat information that can be aggregated by a central events analysis tool and leveraged to protect other devices. When the micro-VM is closed, the threat is eliminated without contaminating other processes and applications on the endpoint. Note that micro-VMs do not have direct network or printer access. The administrator may also opt to use Bromium to restrict access to unauthorized executables, but this function must also be configured with the guidance provided in the Bromium Secure Platform 4.x STIG.
Other endpoint security products such as HBSS do not have visibility into the micro-VMs when installed on the Bromium vSentry client. However, the HBSS client may be installed on the same endpoint.
- Active Directory Server
- Virtualization Server
- Specialized Security-Limited Functionality (SSLF)
Parties within the DoD and Federal Government’s computing environments can obtain the applicable STIG from the Information Assurance Support Environment (IASE) website. This site contains the latest copies of any STIGs, SRGs, and other related security information. The address for the IASE site is http://iase.disa.mil/.
New Checklist - 6/4/18
updated to FINAL - 7/3/2018
NIST checklist record last modified on 07/03/2018