
IDPS Security Requirements Guide (SRG)


Overview

Date: 2012-03-08
Finding Count: 309 (CAT I (High): 7, CAT II (Med): 227, CAT III (Low): 75)
STIG Description
The IDPS Security Requirements Guide (SRG) is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from NIST SP 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: fso_spt@disa.mil.

Findings (MAC III - Administrative Public)

Finding ID Severity Title
SRG-NET-000160-IDPS-000147 High The IDPS must enforce password encryption for storage.
SRG-NET-000058-IDPS-000006 High The IDPS must allow only authorized administrators to change security attributes.
SRG-NET-000219-IDPS-000178 High Modems used for remote access to the IDPS must be able to authenticate users using two-factor authentication.
SRG-NET-000161-IDPS-000144 High The IDPS must enforce password encryption for transmission.
SRG-NET-000060-IDPS-000008 High The IDPS must allow authorized system administrators to associate security attributes with information.
SRG-NET-000060-IDPS-000010 High The IPS must only allow authorized devices to change security attributes.
SRG-NET-000062-IDPS-000012 High Communications using the auxiliary port(s) must be configured to use cryptography to protect the confidentiality of the remote access session.
SRG-NET-000203-IDPS-NA Medium The network element must route organizationally defined internal communications traffic to organizationally defined external networks through authenticated proxy servers within the managed interfaces of boundary protection devices.
SRG-NET-000067-IDPS-000016 Medium The IDPS must disable use of organizationally defined networking protocols.
SRG-NET-000277-IDPS-NA Medium The IPS must disable network access by unauthorized devices and must log the information as a security violation.
SRG-NET-000190-IDPS-000201 Medium The IDPS must prevent unauthorized and unintended information transfer via shared system resources.
SRG-NET-000018-IDPS-000042 Medium The IDPS must allow only in-band management sessions from authorized IP addresses from the internal network.
SRG-NET-000266-IDPS-000236 Medium The IDPS must detect rogue wireless devices, attack attempts, and potential compromises or breaches to the wireless network.
SRG-NET-000170-IDPS-000158 Medium The IDPS must employ automated mechanisms to assist in the tracking of security incidents.
SRG-NET-000168-IDPS-000156 Medium For password protection, the IDPS must use mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.
SRG-NET-000184-IDPS-000200 Medium The IDPS must isolate security functions from non-security functions.
SRG-NET-000208-IDPS-000211 Medium The IDPS must use cryptographic mechanisms to protect the integrity of information while in transit.
SRG-NET-000216-IDPS-NA Medium The IDPS must produce, control, and distribute symmetric and asymmetric cryptographic keys using NSA-approved key management technology and processes.
SRG-NET-000081-IDPS-000078 Medium The IDPS must support the requirement to centrally manage the events from multiple sensor queues.
SRG-NET-000228-IDPS-000183 Medium The IDPS must implement detection and inspection mechanisms to identify unauthorized mobile code.
SRG-NET-000097-IDPS-000098 Medium The IDPS must authenticate NTP messages received.
SRG-NET-000186-IDPS-000197 Medium The IDPS must isolate security functions used to enforce access and information flow control from both non-security functions and from other security functions.
SRG-NET-000227-IDPS-NA Medium The IDPS must issue public key certificates under an appropriate certificate policy or obtain public key certificates under an appropriate certificate policy from an approved service provider.
SRG-NET-000114-IDPS-000074 Medium The IDPS must allow administrators to select which rule sets are to be logged at the management console and sensor level.
SRG-NET-000121-IDPS-000112 Medium The IDPS must prevent the installation of organizationally defined critical software programs not signed with a certificate that is recognized and approved by the organization.
SRG-NET-000175-IDPS-000161 Medium The IDPS must protect non-local maintenance sessions by separating the maintenance session from other network sessions with the device, by using either physically separated communications paths, or logically separated communications paths based upon encryption.
SRG-NET-000218-IDPS-NA Medium The IDPS must produce, control, and distribute asymmetric cryptographic keys using approved PKI Class 3 or Class 4 certificates and hardware security tokens that protect the user's private key.
SRG-NET-000127-IDPS-000119 Medium The IDPS must employ automated mechanisms to centrally verify configuration settings.
SRG-NET-000287-IDPS-000140 Medium The IDPS console port must be configured to timeout after 10 minutes or less of inactivity.
SRG-NET-000138-IDPS-NA Medium The IDPS must enforce the identification and authentication of all organizational users.
SRG-NET-000019-IDPS-NA Medium The network element must enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
SRG-NET-000256-IDPS-000237 Medium The IDPS must monitor inbound and outbound communications for unusual or unauthorized activities or conditions.
SRG-NET-000107-IDPS-000108 Medium The IDPS must protect application audit and sensor event log information from unauthorized modification.
SRG-NET-000288-IDPS-000185 Medium The IDPS must prevent the download of prohibited mobile code.
SRG-NET-000014-IDPS-000034 Medium The IDPS must be configured to dynamically manage administrative privileges and associated command authorizations.
SRG-NET-000187-IDPS-000198 Medium The IDPS must implement an isolation boundary to minimize the number of non-security functions included within the boundary containing security functions.
SRG-NET-000032-IDPS-000053 Medium The IDPS must enforce organizationally defined one-way traffic flows using hardware mechanisms.
SRG-NET-000215-IDPS-NA Medium The IDPS must produce, control, and distribute symmetric cryptographic keys using NIST-approved or NSA-approved key management technology and processes.
SRG-NET-000021-IDPS-000045 Medium The IDPS must enforce the highest privilege level administrative access to enable or disable security policy filters.
SRG-NET-000071-IDPS-000019 Medium If the site uses periodic WIDS scanning, then the system must be configured to meet the requirements.
SRG-NET-000201-IDPS-000208 Medium The IPS must prevent access into the organization's internal networks except as explicitly permitted and controlled by employing boundary protection devices.
SRG-NET-000243-IDPS-000222 Medium The IDPS must be configured to implement automated patch management tools to facilitate flaw remediation to network components.
SRG-NET-000108-IDPS-000069 Medium The IDPS must log administrator access and system configuration changes in a central logging server such as a management console/server.
SRG-NET-000281-IDPS-NA Medium The IDPS must identify information flows by data type specification and usage when transferring information between different security domains.
SRG-NET-000158-IDPS-000141 Medium The IDPS must enforce password complexity by the number of special characters used.
SRG-NET-000253-IDPS-000224 Medium The IDPS must only update malicious code protection mechanisms when directed by a privileged user.
SRG-NET-000092-IDPS-000234 Medium The IDPS must employ automated mechanisms to alert security personnel of any inappropriate or unusual activities with security implications.
SRG-NET-000239-IDPS-000195 Medium The IDPS must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest unless otherwise protected by alternative physical measures.
SRG-NET-000165-IDPS-000153 Medium The IDPS must enforce authorized access to the corresponding private key for PKI-based authentication.
SRG-NET-000247-IDPS-NA Medium The IDPS must employ malicious code protection mechanisms to perform periodic scans of the information system on an organizationally defined frequency.
SRG-NET-000106-IDPS-000105 Medium The IDPS must use cryptographic mechanisms to protect the integrity of audit and sensor event log information.
SRG-NET-000039-IDPS-000060 Medium The maximum number of unsuccessful login attempts must be set to an organizationally defined value.
SRG-NET-000123-IDPS-000114 Medium The IDPS must limit privileges to change software resident within software libraries.
SRG-NET-000300-IDPS-NA Medium The network element must provide the means to indicate the security status of child subspaces and (if the child supports secure resolution services) enable verification of a chain of trust among parent and child domains when operating as part of a distribution.
SRG-NET-000141-IDPS-000132 Medium The IDPS must use multi-factor authentication for local access to privileged accounts.
SRG-NET-000023-IDPS-000047 Medium The IPS must enforce security policies regarding information on interconnected systems.
SRG-NET-000220-IDPS-000173 Medium The IDPS must employ FIPS-validated cryptography to protect unclassified information.
SRG-NET-000113-IDPS-000073 Medium The IDPS must generate log records for alerts determined by the organization to be relevant to the security of the network infrastructure.
SRG-NET-000024-IDPS-000049 Medium The IDPS must uniquely identify source domains for information transfer.
SRG-NET-000167-IDPS-000155 Medium The IDPS must obscure feedback of authentication information during the authentication process to protect the information from possible use by unauthorized individuals.
SRG-NET-000244-IDPS-000228 Medium The IDPS must implement signatures to detect specific attacks and protocols known to affect web servers.
SRG-NET-000071-IDPS-000020 Medium WIDS sensor scan results must be saved for at least one year.
SRG-NET-000057-IDPS-000005 Medium The IDPS must dynamically reconfigure security attributes in accordance with an identified security policy as information is created and combined.
SRG-NET-000154-IDPS-000143 Medium The IDPS must prohibit password reuse for the organizationally defined number of generations.
SRG-NET-000231-IDPS-000188 Medium The IDPS must invalidate session identifiers upon user logout or other session termination.
SRG-NET-000237-IDPS-000194 Medium The IDPS must implement signatures that detect specific attacks and protocols that should not be seen on the segments containing web servers.
SRG-NET-000234-IDPS-000191 Medium The IDPS must generate unique session identifiers with organizationally defined randomness requirements.
SRG-NET-000179-IDPS-000166 Medium The IDPS must use cryptographic mechanisms to protect and restrict access to information on portable digital media.
SRG-NET-000055-IDPS-000003 Medium The IDPS must support and maintain the binding of organizationally defined security attributes to information in process.
SRG-NET-000257-IDPS-000239 Medium The IDPS must provide near real-time alerts when any of the organizationally defined list of compromise or potential compromise indicators occur.
SRG-NET-000229-IDPS-000182 Medium The IDPS must take corrective action when unauthorized mobile code is identified.
SRG-NET-000251-IDPS-000223 Medium The IDPS must automatically update malicious code protection mechanisms and signature definitions.
SRG-NET-000063-IDPS-000013 Medium The IDPS auxiliary port or modem must be configured to use cryptography to protect the integrity of remote access sessions.
SRG-NET-000273-IDPS-000217 Medium The IDPS must generate notification messages containing information necessary for corrective actions for errors encountered; however, these messages must not contain organizationally defined sensitive or potentially harmful information.
SRG-NET-000144-IDPS-000134 Medium The IDPS must enforce multifactor authentication for network access to privileged accounts where one of the factors is provided by a device separate from the IDPS being accessed.
SRG-NET-000254-IDPS-000225 Medium The IDPS must not allow users to introduce removable media into the information system.
SRG-NET-000069-IDPS-NA Medium The IDPS must protect wireless access to the network using authentication.
SRG-NET-000222-IDPS-000174 Medium The IDPS must employ FIPS-validated cryptography to protect information when such information must be separated from individuals who have the necessary clearances yet lack the necessary access approvals.
SRG-NET-000118-IDPS-000116 Medium The IDPS must enforce access restrictions associated with changes to the information system.
SRG-NET-000016-IDPS-000035 Medium The IDPS must enforce dual authorization based on organizational policies and procedures for organizationally defined privileged commands.
SRG-NET-000199-IDPS-000206 Medium The IDPS must prevent discovery of specific system components or devices comprising a managed interface.
SRG-NET-000018-IDPS-000043 Medium The IDPS management console, management server, or data management console server must reside in the management network (in-band).
SRG-NET-000152-IDPS-NA Medium The IDPS must dynamically manage identifiers, attributes, and associated access authorizations to enable user access to the network with the appropriate and authorized privileges.
SRG-NET-000018-IDPS-000041 Medium The IPS must enforce approved authorizations for controlling the flow of information within the network in accordance with applicable policy.
SRG-NET-000151-IDPS-000138 Medium The network element must authenticate devices before establishing network connections using bidirectional authentication between cryptographically based devices.
SRG-NET-000134-IDPS-000126 Medium A periodic or continuous monitoring IDS or IPS must be installed to scan the network.
SRG-NET-000226-IDPS-000180 Medium The IDPS must validate the integrity of security attributes exchanged between information systems.
SRG-NET-000194-IDPS-000202 Medium The IDPS must limit and reserve bandwidth based on the priority of the traffic type.
SRG-NET-000056-IDPS-000002 Medium The IDPS must support and maintain the binding of organizationally defined security attributes to information in transmission.
SRG-NET-000193-IDPS-NA Medium The IDPS must manage excess bandwidth to limit the effects of packet flooding types of Denial of Service (DoS) attacks.
SRG-NET-000244-IDPS-000230 Medium The sensor positioned to protect servers in the server farm or DMZ must provide protection from DoS SYN Flood attacks by dropping half open TCP sessions.
SRG-NET-000244-IDPS-000231 Medium The LAND DoS signature must be implemented to protect the enclave.
SRG-NET-000209-IDPS-000212 Medium The IDPS must maintain the integrity of information during aggregation and encapsulation in preparation for transmission.
SRG-NET-000064-IDPS-NA Medium The network element must route all remote access traffic through managed access control points.
SRG-NET-000290-IDPS-NA Medium The IDPS must prevent the automatic execution of mobile code in organizationally defined software applications and requires organizationally defined actions prior to executing the code.
SRG-NET-000112-IDPS-000072 Medium The IDPS must produce a system-wide audit trail composed of log records in a standardized format.
SRG-NET-000189-IDPS-000199 Medium The IDPS must implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers.
SRG-NET-000286-IDPS-000103 Medium The IDPS must protect the audit records of non-local accesses to privileged accounts and the execution of privileged functions.
SRG-NET-000207-IDPS-000213 Medium The IDPS must protect the integrity of transmitted information.
SRG-NET-000206-IDPS-NA Medium The network element must connect to external networks only through managed interfaces consisting of boundary protection devices arranged in accordance with organizational security architecture.
SRG-NET-000068-IDPS-NA Medium The IDPS must enforce requirements for remote connections to the network.
SRG-NET-000027-IDPS-NA Medium The IDPS must uniquely authenticate destination domains for information transfer.
SRG-NET-000126-IDPS-000118 Medium The IDPS must employ automated mechanisms to centrally apply configuration settings.
SRG-NET-000219-IDPS-000177 Medium IDPS auxiliary port(s) must be disabled if not approved for use.
SRG-NET-000245-IDPS-NA Medium The IDPS must employ malicious code protection mechanisms at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means.
SRG-NET-000020-IDPS-000044 Medium The IDPS must enforce information flow control using explicit security attributes on information, source, and destination objects as a basis for flow control decisions.
SRG-NET-000037-IDPS-000157 Medium The IDPS must be configured to automatically disable itself if any of the organizationally defined lists of security events are detected.
SRG-NET-000119-IDPS-000110 Medium The IDPS must be configured to enable automated mechanisms to enforce access restrictions.
SRG-NET-000059-IDPS-000007 Medium The IDPS must maintain the binding of security attributes to information with sufficient assurance that the information to attribute association can be used as the basis for automated policy actions.
SRG-NET-000115-IDPS-000075 Medium The IDPS must generate log alerts for locally developed sensor rules.
SRG-NET-000083-IDPS-000079 Medium The IDPS sensor event log monitoring application or mechanism must retrieve events from the sensor before the event log becomes full.
SRG-NET-000146-IDPS-000135 Medium The IDPS must use organizationally defined replay-resistant authentication mechanisms for network access to privileged accounts.
SRG-NET-000166-IDPS-000154 Medium The IDPS must map the authenticated identity to the user account for PKI-based authentication.
SRG-NET-000210-IDPS-000215 Medium The IDPS must protect the confidentiality of transmitted information.
SRG-NET-000033-IDPS-000054 Medium The IPS must enforce information flow control using organizationally defined security policy filters as a basis for flow control decisions.
SRG-NET-000061-IDPS-NA Medium The network element must employ automated mechanisms to facilitate the monitoring and control of remote access methods.
SRG-NET-000054-IDPS-000004 Medium The IDPS must support and maintain the binding of organizationally defined security attributes to information in storage.
SRG-NET-000195-IDPS-000203 Medium The IPS must check inbound traffic to ensure that the communications are coming from an authorized source and routed to an authorized destination.
SRG-NET-000174-IDPS-000162 Medium The IDPS must protect non-local maintenance sessions through the use of two-factor authentication.
SRG-NET-000283-IDPS-NA Medium The IDPS must implement policy filters that constrain data structure and content to organizationally defined information security policy requirements when transferring information between different security domains.
SRG-NET-000120-IDPS-000111 Medium The IDPS must be configured to enable automated mechanisms to support auditing of the enforcement actions.
SRG-NET-000149-IDPS-000136 Medium The IDPS must authenticate devices before establishing remote network connections using bidirectional authentication between cryptographically based devices.
SRG-NET-000244-IDPS-000229 Medium The IDPS must ensure IP hijacking signatures have been implemented.
SRG-NET-000077-IDPS-000080 Medium The IDPS must produce sensor log records containing sufficient information to establish the source of the event.
SRG-NET-000198-IDPS-000205 Medium The IDPS must receive all management traffic through a dedicated management interface.
SRG-NET-000262-IDPS-NA Medium The IDPS must ensure all encrypted traffic is visible to network monitoring tools.
SRG-NET-000244-IDPS-000227 Medium The IDPS must provide an automated means to review and validate whitelists and blacklists entries.
SRG-NET-000244-IDPS-000226 Medium The IDPS must protect the enclave from malware and unexpected traffic by using TCP reset signatures.
SRG-NET-000259-IDPS-000242 Medium The IDPS must notify an organizationally defined list of incident response personnel of suspicious events.
SRG-NET-000180-IDPS-000167 Medium The IDPS must employ cryptographic mechanisms to protect information in storage.
SRG-NET-000172-IDPS-000159 Medium The IDPS must use automated mechanisms to restrict the use of maintenance tools to authorized personnel only.
SRG-NET-000131-IDPS-000125 Medium The sensor must be configured to alarm if unexpected protocols for network management enter the subnet.
SRG-NET-000131-IDPS-000123 Medium The IDPS must not have unnecessary services and capabilities enabled.
SRG-NET-000265-IDPS-000235 Medium The IDPS must detect attack attempts to the wireless network.
SRG-NET-000169-IDPS-NA Medium The network element must uniquely identify and authenticate non-organizational users or processes acting on behalf of non-organizational users.
SRG-NET-000139-IDPS-000131 Medium Management connections to the IDPS must require authentication.
SRG-NET-000002-IDPS-000023 Medium The IDPS must automatically terminate temporary accounts after an organizationally defined time period for each type of account.
SRG-NET-000212-IDPS-NA Medium The IDPS must maintain the confidentiality of information during aggregation and encapsulation in preparation for transmission.
SRG-NET-000192-IDPS-NA Medium The IDPS must restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks.
SRG-NET-000279-IDPS-000039 Medium The IDPS must prevent access to organizationally defined security-relevant information except during secure, non-operable system states.
SRG-NET-000205-IDPS-000210 Medium The IPS must monitor and control traffic at both the external and internal boundary interfaces.
SRG-NET-000129-IDPS-000121 Medium The IDPS must ensure that detected unauthorized security-relevant configuration changes are tracked.
SRG-NET-000139-IDPS-000130 Medium The IDPS must use multifactor authentication for network access to privileged accounts.
SRG-NET-000285-IDPS-NA Medium The IDPS must prohibit the transfer of unsanctioned information in accordance with the security policy when transferring information between different security domains.
SRG-NET-000264-IDPS-000233 Medium The IDPS must analyze outbound communications traffic at selected interior points within the network as deemed necessary to discover anomalies.
SRG-NET-000182-IDPS-NA Medium The network elements must separate user traffic from network management traffic.
SRG-NET-000164-IDPS-000152 Medium The IDPS must validate certificates used for PKI-based authentication by constructing a certification path with status information to an accepted trust anchor.
SRG-NET-000030-IDPS-NA Medium All encrypted traffic must be decrypted prior to passing through content inspection and filtering mechanisms.
SRG-NET-000022-IDPS-000046 Medium The IDPS must provide the capability for a privileged administrator to configure the organizationally defined security policy filters to support different security policies.
SRG-NET-000096-IDPS-000100 Medium The IDPS must protect audit tools from unauthorized deletion.
SRG-NET-000269-IDPS-000246 Medium The IDPS must provide notification of failed automated security tests.
SRG-NET-000065-IDPS-000014 Medium The IDPS must continuously monitor for unauthorized remote connections to specific information systems.
SRG-NET-000087-IDPS-000089 Medium The IPS must reject or delay network traffic generated above configurable traffic volume thresholds as defined by the organization.
SRG-NET-000098-IDPS-000107 Medium The IDPS must protect application audit and sensor event logs information from unauthorized read access.
SRG-NET-000196-IDPS-NA Medium The IDPS must implement host-based boundary protection mechanisms.
SRG-NET-000171-IDPS-000091 Medium The IDPS must invoke a system shutdown in the event of the log failure, unless an alternative audit capability exists.
SRG-NET-000263-IDPS-000232 Medium The IDPS must analyze outbound traffic at the external boundary of the network.
SRG-NET-000029-IDPS-000051 Medium The IDPS must enforce dynamic traffic flow control based on policy allowing or disallowing flows based upon traffic types and rates within or out of profile.
SRG-NET-000156-IDPS-000151 Medium The IDPS must enforce password complexity by the number of lower case characters used.
SRG-NET-000197-IDPS-NA Medium The IDPS must isolate organizationally defined key information security tools, mechanisms, and support components from other internal information system components via physically separate subnets.
SRG-NET-000176-IDPS-000163 Medium The IDPS must employ cryptographic mechanisms to protect the integrity and confidentiality of non-local maintenance and diagnostic communications.
SRG-NET-000070-IDPS-NA Medium The IDPS must protect wireless access to the network using encryption.
SRG-NET-000217-IDPS-NA Medium The IDPS must produce, control, and distribute asymmetric cryptographic keys using approved PKI Class 3 certificates or prepositioned keying material.
SRG-NET-000242-IDPS-000221 Medium The IDPS must use SNMP Version 3 (SNMPv3) Security Model with FIPS 140-2 compliant cryptography (i.e., SHA authentication and AES encryption).
SRG-NET-000224-IDPS-000179 Medium The IDPS must protect the integrity and availability of publicly available information and applications.
SRG-NET-000261-IDPS-000243 Medium The IDPS must protect information obtained from network scanning from unauthorized access, modification, and deletion.
SRG-NET-000028-IDPS-000050 Medium The IDPS must implement security policies for all traffic flows by using security zones at various protection levels as a basis for flow control decisions.
SRG-NET-000303-IDPS-NA Medium The network element must perform data origin authentication and data integrity verification on all resolution responses received whether or not local client systems explicitly request this service.
SRG-NET-000289-IDPS-000184 Medium The IPS must prevent the execution of prohibited mobile code.
SRG-NET-000219-IDPS-000176 Medium The IDPS must employ cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
SRG-NET-000202-IDPS-NA Medium The IPS must deny network traffic by default and allow network traffic by exception at all interfaces at the network perimeter.
SRG-NET-000309-IDPS-000204 Medium The IDPS must protect against unauthorized physical connections across the boundary protections implemented at an organizationally defined list of managed interfaces.
SRG-NET-000250-IDPS-NA Medium The network element must address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.
SRG-NET-000214-IDPS-000172 Medium The IDPS must establish a trusted communications path between the user and organizationally defined security functions within the information system.
SRG-NET-000163-IDPS-000145 Medium The IDPS must enforce maximum password lifetime restrictions.
SRG-NET-000122-IDPS-000113 Medium The IDPS must enforce a two-person rule for changes to organizationally defined information system components and system-level information.
SRG-NET-000015-IDPS-000040 Medium The IDPS must be configured to work with an authentication server to enforce the assigned privilege and authorization level for each administrator.
SRG-NET-000233-IDPS-000190 Medium The IDPS must allow only system generated session identifiers.
SRG-NET-000249-IDPS-NA Medium The IDPS must be configured to perform organizationally defined actions in response to malicious code detection.
SRG-NET-000124-IDPS-000115 Medium The IDPS must implement automatic safeguards and countermeasures if security functions or mechanisms are changed inappropriately.
SRG-NET-000232-IDPS-000189 Medium The IDPS must generate a unique session identifier for each session.
SRG-NET-000128-IDPS-000120 Medium The IDPS must employ automated mechanisms to respond to unauthorized changes to organizationally defined configuration settings.
SRG-NET-000241-IDPS-NA Medium The IDPS must protect the integrity of information during the processes of data aggregation, packaging, and transformation in preparation for transmission.
SRG-NET-000213-IDPS-000171 Medium The IDPS must terminate the connection associated with a communications session at the end of the session or after an organizationally defined time period of inactivity.
SRG-NET-000301-IDPS-NA Medium The network element must provide the means to indicate the security status of child subspaces and (if the child supports secure resolution services) enable verification of a chain of trust among parent and child domains.
SRG-NET-000132-IDPS-NA Medium The IDPS must employ automated mechanisms to detect the addition of unauthorized components or devices.
SRG-NET-000145-IDPS-NA Medium The IDPS must enforce multifactor authentication for network access to non-privileged accounts where one of the factors is provided by a device separate from the IDPS being accessed.
SRG-NET-000125-IDPS-000117 Medium The IDPS must employ automated mechanisms to centrally manage configuration settings.
SRG-NET-000211-IDPS-000214 Medium The IDPS must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission unless otherwise protected by alternative physical measures.
SRG-NET-000282-IDPS-NA Medium The IDPS must decompose information into policy-relevant subcomponents for submission to policy enforcement mechanisms when transferring information between different security domains.
SRG-NET-000284-IDPS-NA Medium The IDPS must detect unsanctioned information when transferring information between different security domains.
SRG-NET-000181-IDPS-000168 Medium The IDPS must be configured to detect the presence of unauthorized software on organizational information systems.
SRG-NET-000181-IDPS-000169 Medium The IDPS administrator will review whitelists and blacklists regularly and validate all entries to ensure they are still accurate and necessary.
SRG-NET-000143-IDPS-000133 Medium System administrators must be authenticated with an individual authenticator prior to using a group authenticator.
SRG-NET-000260-IDPS-000241 Medium The IDPS must take an organizationally defined list of least-disruptive actions to terminate suspicious events.
SRG-NET-000221-IDPS-000170 Medium The IDPS must employ NSA-approved cryptography to protect classified information.
SRG-NET-000071-IDPS-000018 Medium If the site uses continuous WIDS scanning, then the system must be configured to meet the requirements.
SRG-NET-000153-IDPS-000142 Medium The IDPS must enforce minimum password length.
SRG-NET-000086-IDPS-000090 Medium The IDPS must enforce configurable traffic volume thresholds representing logging capacity for network traffic to be logged.
SRG-NET-000071-IDPS-000017 Medium The site must scan the radio frequency spectrum for unauthorized WLAN devices.
SRG-NET-000280-IDPS-000052 Medium The IDPS must enforce information flow control on metadata.
SRG-NET-000183-IDPS-000186 Medium The IDPS must prevent the exposure of network management traffic onto a user or production network.
SRG-NET-000110-IDPS-000071 Medium The IDPS management consoles must be logically installed on the management network.
SRG-NET-000026-IDPS-000048 Medium The IDPS must uniquely identify destination domains for information transfer.
SRG-NET-000025-IDPS-NA Medium The IDPS must uniquely authenticate source domains for information transfer.
SRG-NET-000256-IDPS-000238 Medium The IPS must be configured to monitor inbound and outbound TCP and UDP packets, dropping traffic using prohibited port numbers.
SRG-NET-000147-IDPS-NA Medium The IDPS must use organizationally defined replay-resistant authentication mechanisms for network access to non-privileged accounts.
SRG-NET-000036-IDPS-000057 Medium The IDPS must provide the capability for a privileged administrator to configure organizationally defined security policy filters to support different security policies.
SRG-NET-000162-IDPS-000146 Medium The IDPS must enforce minimum password lifetime restrictions.
SRG-NET-000088-IDPS-000092 Medium The IDPS must be configured to send an alert to designated personnel in the event of an audit processing failure.
SRG-NET-000040-IDPS-000059 Medium The IDPS must automatically lock out an account after the maximum number of unsuccessful login attempts is exceeded and remain locked until released by an administrator.
SRG-NET-000200-IDPS-000207 Medium The IPS must enforce strict adherence to protocol format.
SRG-NET-000038-IDPS-000058 Medium The maximum number of unsuccessful login attempts must be set to an organizationally defined value.
SRG-NET-000225-IDPS-000181 Medium The IDPS must associate security attributes with information exchanged between information systems.
SRG-NET-000271-IDPS-000247 Medium The IDPS must detect unauthorized changes to software and information.
SRG-NET-000302-IDPS-NA Medium The network element must perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources when requested by client systems.
SRG-NET-000258-IDPS-000240 Medium The IDPS must be installed in stealth mode without an IP address on the interface with data flow.
SRG-NET-000031-IDPS-NA Medium The IDPS must terminate all tunnels prior to passing through the perimeter security zone.
SRG-NET-000178-IDPS-000165 Medium The IDPS must terminate all sessions when non-local maintenance is completed.
SRG-NET-000100-IDPS-000109 Medium The IDPS must protect application audit and sensor event logs from unauthorized deletion.
SRG-NET-000110-IDPS-000070 Medium The IDPS must provide a centralized management console/server that compiles data from the agents and sensors.
SRG-NET-000133-IDPS-000122 Medium The IDPS must employ automated mechanisms to prevent program execution in accordance with organizationally defined specifications.
SRG-NET-000150-IDPS-000137 Medium The IDPS must authenticate devices before establishing wireless network connections using bidirectional authentication between cryptographically based devices.
SRG-NET-000255-IDPS-NA Medium IDPS sensors must interconnect and configure individual intrusion detection tools into a system-wide intrusion detection system using common protocols.
SRG-NET-000140-IDPS-NA Medium The IDPS must use multi-factor authentication for network access to non-privileged accounts.
SRG-NET-000248-IDPS-NA Medium The IDPS must be configured to perform real-time scans of files from external sources as they are downloaded and prior to being opened or executed.
SRG-NET-000308-IDPS-000175 Medium The IDPS must employ FIPS-validated or NSA-approved cryptography to implement digital signatures.
SRG-NET-000132-IDPS-000124 Medium The IDPS must be configured to prohibit or restrict the use of ports, protocols, and services in accordance with organizationally defined requirements.
SRG-NET-000246-IDPS-NA Medium The IDPS must update malicious code protection mechanisms and signature definitions whenever new releases are available in accordance with organizational configuration management policy and procedures.
SRG-NET-000191-IDPS-NA Medium The IDPS must protect against or limit the effects of Denial of Service (DoS) attacks.
SRG-NET-000204-IDPS-000209 Medium The IPS must monitor and enforce filtering of internal addresses posing a threat to external information systems.
SRG-NET-000177-IDPS-000164 Medium The IDPS must enforce identification and authentication for the establishment of non-local maintenance and diagnostic sessions.
SRG-NET-000142-IDPS-NA Medium The IDPS must use multifactor authentication for local access to non-privileged accounts.
SRG-NET-000252-IDPS-NA Medium The IDPS must prevent non-privileged users from circumventing malicious code protection capabilities.
SRG-NET-000306-IDPS-000037 Low The IDPS must enforce a Discretionary Access Control (DAC) policy that limits propagation of access rights.
SRG-NET-000074-IDPS-000081 Low The IDPS must produce sensor log records that contain sufficient information to establish what type of event occurred.
SRG-NET-000082-IDPS-000085 Low The IDPS must be configured to allocate audit record storage capacity.
SRG-NET-000001-IDPS-000021 Low The IDPS must provide automated support for account management functions.
SRG-NET-000278-IDPS-000011 Low The IDPS must display security attributes in human-readable form on each object output from the system to system output devices to identify an organizationally identified set of special dissemination, handling, or distribution instructions, using organizationally identified human-readable, standard naming conventions.
SRG-NET-000097-IDPS-000097 Low The IDPS must be configured to use a minimum of two Network Time Protocol (NTP) servers to synchronize time.
SRG-NET-000093-IDPS-000096 Low Audit log reduction must be enabled on the IDPS.
SRG-NET-000107-IDPS-000106 Low The IDPS must use cryptography to protect the integrity of audit tools.
SRG-NET-000105-IDPS-000104 Low The IDPS must backup system level and sensor event log records on an organizationally defined frequency onto a different system or media.
SRG-NET-000090-IDPS-000094 Low The IDPS must integrate audit review, analysis, and reporting processes to support organizational processes for investigation and response to suspicious activities.
SRG-NET-000011-IDPS-000031 Low The IDPS must automatically audit account termination.
SRG-NET-000270-IDPS-000245 Low The IDPS must provide automated support for the management of distributed security testing.
SRG-NET-000051-IDPS-000066 Low The IDPS must notify the user of the number of unsuccessful login attempts to the local device occurring during an organizationally defined time period.
SRG-NET-000017-IDPS-000036 Low The IDPS must implement nondiscretionary access control policies over users and resources.
SRG-NET-000052-IDPS-000068 Low The IDPS must notify the user of organizationally defined security related changes to the user's account occurring during the organizationally defined time period.
SRG-NET-000307-IDPS-000038 Low The IDPS must enforce a DAC policy that includes or excludes access to the granularity of a single user.
SRG-NET-000080-IDPS-000077 Low The IDPS must capture and log alerts that contain detailed information for events identified by type, location, and subject.
SRG-NET-000082-IDPS-000087 Low The IDPS must provide a warning when the logging storage capacity reaches 75% of maximum capacity.
SRG-NET-000089-IDPS-000093 Low The IDPS must be configured to stop generating log records or overwrite the oldest log records when an audit failure occurs.
SRG-NET-000049-IDPS-000065 Low Upon successful logon, the IDPS must display, to the user, the number of unsuccessful logon attempts since the last successful logon.
SRG-NET-000072-IDPS-NA Low The IDPS must enforce requirements for the connection of mobile devices to organizational information systems.
SRG-NET-000079-IDPS-000076 Low The IDPS must capture and log sufficient information to establish the identity of any user accounts associated with the event.
SRG-NET-000083-IDPS-000086 Low The IDPS logging function must be configured to reduce the likelihood of log record capacity being exceeded.
SRG-NET-000095-IDPS-000095 Low The IDPS must provide the capability to automatically process log records for events of interest based upon selectable criteria.
SRG-NET-000043-IDPS-000063 Low The IDPS must display an approved system use notification message or banner before granting access to the device.
SRG-NET-000050-IDPS-000067 Low The IDPS must notify the user of the number of successful login attempts to the local device occurring during an organizationally defined time period.
SRG-NET-000238-IDPS-000196 Low The IDPS must protect the confidentiality and integrity of system information at rest.
SRG-NET-000236-IDPS-000192 Low The IDPS must preserve organizationally defined system state information in the event of a system failure.
SRG-NET-000066-IDPS-000015 Low The network element must audit remote sessions for accessing an organizationally defined list of security functions and security-relevant information.
SRG-NET-000268-IDPS-000244 Low The IDPS must respond to security function anomalies in accordance with organizationally defined responses and alternative actions.
SRG-NET-000267-IDPS-000245 Low The IDPS must be configured to perform periodic self-tests that verify security functionality is operational during system state changes (i.e., initialization, shutdown, and aborts).
SRG-NET-000137-IDPS-000129 Low The IDPS must support organizational requirements to conduct backups of information system documentation including security related documentation per organizationally defined frequency that is consistent with recovery time and recovery point object
SRG-NET-000010-IDPS-000026 Low The IDPS must notify the account owner when the account has been disabled.
SRG-NET-000102-IDPS-000102 Low The IDPS must protect audit tools from unauthorized modification.
SRG-NET-000304-IDPS-NA Low The network element that collectively provides name/address resolution service for an organization must be fault-tolerant.
SRG-NET-000005-IDPS-000028 Low The IDPS must automatically audit the creation of accounts.
SRG-NET-000012-IDPS-000027 Low The IDPS must notify the appropriate individuals for account termination.
SRG-NET-000096-IDPS-000099 Low The IDPS must use internal system clocks to generate timestamps for audit records.
SRG-NET-000078-IDPS-000084 Low The IDPS must produce log records containing sufficient information to determine if the event was a success or failure.
SRG-NET-000085-IDPS-000088 Low The IDPS must provide a real-time alert when organizationally defined audit failure events occur.
SRG-NET-000076-IDPS-000082 Low The IDPS must produce log records containing sufficient information to establish where the events occurred.
SRG-NET-000048-IDPS-000064 Low Upon successful logon, the IDPS must display the date and time of the last logon of the user.
SRG-NET-000148-IDPS-000139 Low The IDPS must authenticate an organizationally defined list of specific devices by device type before establishing a connection.
SRG-NET-000035-IDPS-000056 Low The IDPS must audit the use of privileged accounts when accessing configuration and operational commands enabled for non-privileged accounts.
SRG-NET-000235-IDPS-000193 Low The IDPS must fail to an organizationally defined known-state for organizationally defined types of failures.
SRG-NET-000073-IDPS-NA Low The IDPS must be configured to disable functionality that provides the capability for automatic execution of code on mobile devices without user direction.
SRG-NET-000003-IDPS-000022 Low The IDPS must automatically terminate emergency accounts after an organizationally defined time period.
SRG-NET-000060-IDPS-000009 Low Accounts must be removed from the IDPS when no longer required.
SRG-NET-000274-IDPS-000218 Low The IDPS must activate an organizationally defined alarm when a system component failure is detected.
SRG-NET-000094-IDPS-NA Low The IDPS must provide a report generation capability.
SRG-NET-000034-IDPS-000055 Low Organizationally defined authorizations must be implemented through organizationally defined separation of duties through use of group memberships.
SRG-NET-000242-IDPS-000219 Low The IDPS must be configured to automatically check for security updates to the application software on an organizationally defined frequency.
SRG-NET-000041-IDPS-000061 Low The IDPS must display an approved system use notification message (or banner) before granting access to the system.
SRG-NET-000157-IDPS-000149 Low The IDPS must enforce password complexity by the number of numeric characters used.
SRG-NET-000007-IDPS-000032 Low The IDPS must automatically audit account modification.
SRG-NET-000135-IDPS-000127 Low The IDPS must support organizational requirements to conduct backups of user-level information contained in the device per organizationally defined frequency that is consistent with recovery time and recovery point objectives.
SRG-NET-000013-IDPS-000033 Low The IDPS must monitor for unusual usage of administrative user accounts.
SRG-NET-000008-IDPS-000029 Low The IDPS must notify the designated system administrators when accounts are modified.
SRG-NET-000173-IDPS-000160 Low The IDPS must log non-local maintenance and diagnostic sessions.
SRG-NET-000159-IDPS-000148 Low The IDPS must enforce the number of characters changed when passwords are changed.
SRG-NET-000155-IDPS-000150 Low The IDPS must enforce password complexity by the number of upper case characters used.
SRG-NET-000242-IDPS-000220 Low The IDPS must use a vendor-supported version of the firmware and application software.
SRG-NET-000104-IDPS-NA Low The IDPS must produce audit records on hardware-enforced write-once media.
SRG-NET-000136-IDPS-000128 Low The IDPS must support organizational requirements to conduct backups of system-level information contained in the information system per organizationally defined frequency.
SRG-NET-000053-IDPS-000001 Low The IDPS must limit the number of concurrent sessions for each account to an organizationally defined number.
SRG-NET-000004-IDPS-000024 Low The IDPS must automatically disable inactive accounts after an organizationally defined time period of inactivity.
SRG-NET-000091-IDPS-NA Low The IDPS must centralize the review and analysis of audit records from multiple network elements within the network.
SRG-NET-000075-IDPS-000083 Low The IDPS must produce log records containing sufficient information to establish when the events occurred.
SRG-NET-000042-IDPS-000062 Low The IDPS must display the notification message on the screen until the administrator takes explicit action to acknowledge the message.
SRG-NET-000230-IDPS-000187 Low The IDPS must provide mechanisms to protect the authenticity of communications sessions.
SRG-NET-000101-IDPS-000101 Low The IDPS must protect audit tools from unauthorized access.
SRG-NET-000006-IDPS-000025 Low The IDPS must notify the appropriate individuals when accounts are created.
SRG-NET-000009-IDPS-000030 Low The IDPS must automatically audit account disabling actions.
SRG-NET-000272-IDPS-000216 Low The IDPS must identify and respond to potential security-relevant error conditions.
SRG-NET-000305-IDPS-NA Low The network element that collectively provides name/address resolution service for an organization must implement internal/external role separation.