
For Infrastructure as a Service (IaaS)/Platform as a Service (PaaS), the Mission Owner must configure an intrusion detection and prevention system (IDPS) to protect DOD virtual machines (VMs), services, and applications.


Overview

Finding ID: V-259867
Version: SRG-NET-000383-CLD-000105
Rule ID: SV-259867r945589_rule
IA Controls: (not listed)
Severity: High
Description
Network environments and applications installed using an IaaS/PaaS cloud service offering where the Mission Owner has control over the environment must comply with DOD network infrastructure and host policies. Putting an application in the cloud does not take care of all security responsibilities. Without coordinated reporting between cloud service environments used for the DOD mission, it is not possible to identify the true scale and possible target of an attack.

An IDPS protects Mission Owner enclaves and applications hosted in an off-premise cloud service offering and may be deployed within the cloud service environment, cloud access point, or supporting Core Data Center (CDC). Additionally, an IDPS facilitates the reporting of incidents and aids in the coordination of response actions between all stakeholders of the cloud service offering and/or Mission Owner applications.

The Mission Owner and/or their cybersecurity service provider (CSSP) must be able to monitor the virtual network boundary. For dedicated infrastructure with a DODIN connection (Levels 4–6), implement an IDPS that monitors and works with the virtual security infrastructure (e.g., firewall, routing tables, web application firewall, etc.) to protect traffic flow inbound and outbound to/from the virtual network to the DODIN connection.
STIG: Cloud Computing Mission Owner Network Security Requirements Guide
Date: 2024-06-13

Details

Check Text (C-63598r945587_chk)
If this is a Software as a Service (SaaS), this is not applicable.

Review the Service Level Agreement and architecture documentation. Verify the virtual IDPS is in place by inspecting the architecture diagrams. Verify it is placed to monitor and protect the IaaS, PaaS, and interconnected host VMs.

Verify a secure (encrypted) connection exists between the virtual IDPS capabilities and the CSSP responsible for the mission system/application.

If the Mission Owner has not configured the IaaS or PaaS IDPS to monitor and protect the IaaS and interconnected VMs, this is a finding.
Fix Text (F-63505r945588_fix)
This applies to all Impact Levels.
FedRAMP Moderate, High.

Configure a virtual IDPS to monitor and protect the DOD VMs, services, and applications.