Come July, NERC CIP V6 comes into play, and for those with appliances (McAfee SIEM, ESM, ACE, ELM, etc.) in their EACMS, how do you plan on complying with CIP-007-5?
The requirement is "Deploy method(s) to deter, detect, or prevent malicious code." The measures they bring out are "An example of evidence may include, but is not limited to, records of the Responsible Entity’s performance of these processes (e.g., through traditional antivirus, system hardening, policies, etc.)."
So is there a System Hardening document from the manufacturer, or any other document of security measures taken for these devices?
McAfee states the SIEM runs on SUSE, RHEL, and one other Linux platform.
Can anyone confirm which flavor of Linux the McAfee SIEM appliance runs under?
Regards, David Hawley CISSP, SIEM SME
They are sold as hardened appliances, are not based on any particular distribution, and you are unlikely to find out what hardening has been implemented even under an NDA.
Correct. The underlying OS is not based on a public distribution and modifying most settings will void the warranty. I have a hardening checklist I use so I'll try to get that posted. The original post is from a year ago so I assume it can wait a little longer.