The IPS must enforce security policies regarding information on interconnected systems.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000023-IDPS-000047	SRG-NET-000023-IDPS-000047	SRG-NET-000023-IDPS-000047_rule		Medium

Description
Transferring information between interconnected information systems of differing security policies introduces the risk of the transfers violating one or more policies. It is imperative for policy guidance from information owners be implemented at the policy enforcement point between the interconnected systems. This requirement applies to IPS (rather than IDS systems) implementations only because it requires the enforcement of security policy. If IPS is configured to transfer threat information to the firewall or other devices do not adhere to the security policy of the other device, the network security posture for devices interconnected with the IDPS could be compromised. Enforcement is done by an IPS and is not a function of an IDS. If the IPS is not configured to authenticate or updates to other network devices violate the access control policy of the other device, this is an issue which must be resolved. However, the IPS must also be configured to monitor and enforce the security policies between other interconnected systems.

Description

Transferring information between interconnected information systems of differing security policies introduces the risk of the transfers violating one or more policies. It is imperative for policy guidance from information owners be implemented at the policy enforcement point between the interconnected systems. This requirement applies to IPS (rather than IDS systems) implementations only because it requires the enforcement of security policy. If IPS is configured to transfer threat information to the firewall or other devices do not adhere to the security policy of the other device, the network security posture for devices interconnected with the IDPS could be compromised. Enforcement is done by an IPS and is not a function of an IDS. If the IPS is not configured to authenticate or updates to other network devices violate the access control policy of the other device, this is an issue which must be resolved. However, the IPS must also be configured to monitor and enforce the security policies between other interconnected systems.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43170_chk )
Inspect the rules and signatures configured to monitor, block and or redirect network traffic based on detected events between interconnected systems. Verify the IPS is configured to enforce the security policies between interconnected systems. If the IPS is not configured to enforce security policies regarding information on interconnected systems, this is a finding.

Fix Text (F-43170_fix)
Configure the IPS and other devices with which it interconnects, so the security policy on all devices is not by-passed. Configure the IPS to enforce security policies regarding information on interconnected systems,