National Vulnerability Database

Bromium Secure Platform 4.x STIG Version 1, Release 1 Checklist Details

Supporting Resources:


Target CPE Name
Bromium Secure Platform 4.0 cpe:/a:bromium:secure_platform:4.0

Checklist Highlights

Checklist Name:
Bromium Secure Platform 4.x STIG
Checklist ID:
Version 1, Release 1
Review Status:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:

Checklist Summary:

The Bromium Secure Platform 4.x Security Technical Implementation Guide (STIG) provides the technical security policies, requirements, and implementation details for applying security concepts to the Bromium Secure Platform 4.0. This document provides requirements to secure the functionality of both the Bromium Enterprise Controller (BEC) installed on a Windows server and the Bromium vSentry client installed on an endpoint. The Bromium Threat Cloud Service is out of scope for this STIG.

The Bromium Secure Platform provides virtualization-based application isolation and containment for endpoint protection. Each application is run in a micro-virtual machine (micro-VM) that provides containment for malicious code, malware, and threats. The product does not prevent installation of an unauthorized application but rather allows it to be installed in a micro-VM and run in isolation. This isolation allows the product to collect threat information that can be aggregated by a central events analysis tool and leveraged to protect other devices. When the micro-VM is closed, the threat is eliminated without contaminating other processes and applications on the endpoint. Note that micro-VMs do not have direct network or printer access.

The administrator may also opt to use Bromium to restrict access to unauthorized executables, but this function must also be configured with the guidance provided in the Bromium Secure Platform 4.x STIG. Other endpoint security products such as HBSS do not have visibility into the micro-VMs when installed on the Bromium vSentry client. However, the HBSS client may be installed on the same endpoint.

Checklist Role:

  • Active Directory Server
  • Virtualization Server

Known Issues:

Not provided.

Target Audience:

Not provided.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoDI 8500.01


Comments or proposed revisions to this document should be sent via email to the following address: DISA will coordinate all change requests with the relevant DoD organizations before inclusion in this document. Approved changes will be made in accordance with the DISA maintenance release schedule.


Not provided.

Product Support:

Parties within the DoD and Federal Government’s computing environments can obtain the applicable STIG from the Information Assurance Support Environment (IASE) website. This site contains the latest copies of any STIGs, SRGs, and other related security information. The address for the IASE site is

Point of Contact:


Not provided.


Not provided.

Change History:

New Checklist - 6/4/18
updated to FINAL - 7/3/2018


NIST checklist record last modified on 07/03/2018