Check: BROM-00-000100
Bromium Secure Platform 4.x STIG:
BROM-00-000100
(in version v1 r1)
Title
The Bromium Enterprise Controller (BEC) lockout_delay_base in the settings.json file must be set to a minimum of 10 and the lockout_delay_scale must be set to 1 at a minimum. (Cat II impact)
Discussion
By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account.
Check Content
Navigate to C:\ProgramData\Bromium\BMS\settings.json on the BEC. Verify the value of lockout_delay_base is set to "10" and the lockout_delay_scale is set to "1" at a minimum. If the BEC lockout_delay_base in the settings.json file is not set to a minimum of "10" and the lockout_delay_scale is not set to a minimum of "1", this is a finding.
Fix Text
Edit the BEC configuration file (C:\ProgramData\Bromium\BMS\settings.json) to set lockout_delay_base to "10" and the lockout_delay_scale to "1" at a minimum.
Additional Identifiers
Rule ID: SV-95129r1_rule
Vulnerability ID: V-80425
Group Title: SRG-APP-000065
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000044 |
The information system enforces the organization-defined limit of consecutive invalid logon attempts by a user during the organization-defined time period. |
Controls
Number | Title |
---|---|
AC-7 |
Unsuccessful Logon Attempts |