UCF STIG Viewer Logo

The IDPS must enforce dynamic traffic flow control based on policy allowing or disallowing flows based upon traffic types and rates within or out of profile.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000029-IDPS-000051 SRG-NET-000029-IDPS-000051 SRG-NET-000029-IDPS-000051_rule Medium
Description
Information flow control regulates where information is allowed to travel within a network and between interconnected networks. The flow of all network traffic must be monitored and controlled so it does not introduce any unacceptable risk to the network infrastructure or data. Restrictions can be enforced based on policy allowing or disallowing flows based upon traffic types and rates within or out of profile.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text ( C-43176_chk )
View the rules on the IDPS.
Verify changes in traffic flow controls are added/updated to the rules.
When changes are made, these changes should take effect immediately and the sensors should begin monitoring using the updated rule set.

If the IDPS is not configured to enforce restrictions for traffic flow based on types and level of traffic based on the typically expected patterns, this is a finding.
Fix Text (F-43176_fix)
Create traffic flow rules to monitor and enforce traffic flow.