UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must uniquely identify source domains for information transfer.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000024-IDPS-000049 SRG-NET-000024-IDPS-000049 SRG-NET-000024-IDPS-000049_rule Medium
Description
Identifying source and destination addresses for information flows within the network allows forensic reconstruction of events when required, and increases policy compliance by attributing policy violations to specific individuals. Means to enforce this enhancement include ensuring the network element distinguishes between information systems and organizations, and between specific system components or individuals involved in sending and receiving information. Examples of information transfer for the IDPS are the sensor log updating the base, sensor alerts, or commands to update the firewall or router ACLs. Without unique identifiers, the audit records of these information transfers would not be useful to tracking possible violations.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text ( C-43172_chk )
Verify the IDPS uses IP addresses to track and log information transfer sessions between the sensors and other network elements.
View log entries to verify the information tracked includes source IP address and component identification for the base, sensors, or other network elements involved in information transfer.


If the source IP address is not logged for information transfer sessions, this is a finding.
Fix Text (F-43172_fix)
Configure the IDPS management console to log information transfer events. Configure the event entry to include source IP address and component identification.