| Finding ID | Severity | Title | Description |
|---|---|---|---|
| V-272629 | High | CylanceON-PREM must be configured to use TLS 1.2 or higher. | Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol. Satisfies: SRG-APP-000014, SRG-APP-000156, SRG-APP-000172, SRG-APP-000179, SRG-APP-000219, SRG-APP-000439, SRG-APP-000440, SRG-APP-000441, SRG-APP-000442, SRG-APP-000560, SRG-APP-000565, SRG-APP-000605, SRG-APP-000645 |
| V-272642 | Medium | All associated custom applications, including API endpoints, must be inventoried and managed. | The Console Applications page provides integration with the CylanceON-PREM API. An application has a unique application ID and application secret for generating an access token, which is used to access the API. Administrators create the applications, then give API users the application ID and application secret. Inventorying and managing CylanceON-PREM's... |
| V-272641 | Medium | CylanceON-PREM must be restarted every 30 days to invoke health checks. | Restarting CylanceON-PREM every 30 days ensures system stability and performance. Regular health checks of the system reduce the risk of security function failures in the system. Satisfies: SRG-APP-000473, SRG-APP-000475 |
| V-272640 | Medium | CylanceON-PREM must be running the latest release. | Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any contractor to the organization) are required to promptly install security-relevant software updates (e.g., patches, service packs, and hot fixes). Flaws discovered during security assessments, continuous... |
| V-272639 | Medium | CylanceON-PREM must be configured with a DOD issued certificate (or another authorizing official [AO]-approved certificate). | The DOD will only accept PKI certificates obtained from a DOD-approved internal or external certificate authority. Reliance on certificate authorities (CAs) for the establishment of secure sessions includes, for example, the use of TLS certificates. This requirement focuses on communications protection for the CylanceON-PREM session rather than for the network... |
| V-272638 | Medium | CylanceON-PREM must disable all functions, ports, protocols and services not required. | Unnecessary or unsecured ports, protocols, and services present many risks for attackers and may go undetected. |
| V-272637 | Medium | CylanceON-PREM must be configured to use an external database if users exceed 30,000. | Exhausting audit log storage will introduce failures in audit logging, which will result in loss of security monitoring information. Satisfies: SRG-APP-000357, SRG-APP-000359 |
| V-272636 | Medium | CylanceON-PREM must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | There must not be local users/roles within CylanceON-PREM. Manually verifying local users and roles ensures that unauthorized users do not gain access to sensitive resources. |
| V-272635 | Medium | CylanceON-PREM must enforce that all files accessed are evaluated against the AI model for potential threats. | CylanceON-PREM enforces file evaluations against its AI model to ensure proactive, predictive, and comprehensive security. Failure to scan files introduces a potential risk to the system. |
| V-272634 | Medium | CylanceON-PREM must be configured to send alerts via Simple Mail Transfer Protocol (SMTP). | Failure to notify personnel of failed tests introduces a risk to the system. Corrective action will not be taken, and the unsecure condition(s) will remain. Satisfies: SRG-APP-000275, SRG-APP-000279, SRG-APP-000940 |
| V-272633 | Medium | CylanceON-PREM must be configured with only one local Role to be used by the account of last resort in the event the authentication server is unavailable. | CylanceON-PREM uses a third-party identity provider (IDP) for access. The use of a "break glass" account is a critical failsafe measure for emergency situations where normal administrative access is unavailable. |
| V-272632 | Medium | CylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications. | Integrating a Central Log Server for managing audit records enhances security monitoring, incident response, and compliance efforts. By providing centralized logging, real-time analysis, and automated alerting, a Central Log Server allows CylanceON-PREM to maintain a robust security posture and effectively respond to potential threats, ultimately contributing to the organization's overall... |
| V-272631 | Medium | Session-only-based cookies must be enabled. | Cookies must only be allowed per session and only for approved URLs, as permanently stored cookies can be used for malicious intent. Approved URLs may be allowlisted via the "CookiesAllowedForUrls" or "SaveCookiesOnExit" policy settings, but these are not requirements. |
| V-272630 | Medium | CylanceON-PREM must be configured to show the standard mandatory DOD Notice and Consent Banner before granting access to CylanceON-PREM. | |
| V-272628 | Medium | CylanceON-PREM must be configured to initiate a session timeout after 10 minutes of inactivity. | Ensuring inactive sessions are terminated provides protection against misuse of the system. Satisfies: SRG-APP-000003, SRG-APP-000190, SRG-APP-000295 |
| V-272627 | Low | CylanceON-PREM must be configured to use a third-party identity provider. | Configuring CylanceON-PREM to integrate with an Enterprise Identity Provider enhances security, simplifies user management, ensures compliance, provides auditing capabilities, and offers a more seamless and consistent user experience. It aligns CylanceON-PREM with enterprise standards and contributes to a more efficient and secure environment. Satisfies: SRG-APP-000001, SRG-APP-000023, SRG-APP-000025, SRG-APP-000033, SRG-APP-000065, SRG-APP-000118,... |