Title

The Trellix Threat Intelligence Exchange (TIE) server and its installed components must be at the latest vendor released version. (Cat I impact)

Discussion

This requirement will apply to software applications that are not part of that patch management solution. Time frames for application of security-relevant software updates may be dependent upon the Information Assurance Vulnerability Management (IAVM) process. There must be processes in place to ensure application has all security-relevant software updates within an identified time period from the availability of the update. The specific time period will be defined by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). Since the Trellix TIE/DXL system will be under the DISA ESS Program Office configuration management process, all updates must be tested with the ESS baseline prior to being released for production systems. Due to the manual nature of these updates, the severity of this requirement is a CAT I.

Check Content

From the ePO server console, select the System Tree tab. Under System Tree, navigate to find the Trellix TIE server asset and double-click to open its properties. Review the list of Installed Products. Verify the versions of Trellix DXL Management, Trellix DXL Client, and Trellix Threat Intelligence Exchange Server are all at the latest vendor released and Program Office approved levels. If any of the installed products are not at the most current vendor-released and Program-office-approved level, this is a finding.

Fix Text

Install all patches and updates approved by the program office.

Additional Identifiers

Rule ID: SV-221997r961683_rule

Vulnerability ID: V-221997

Group Title: SRG-APP-000456

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.