The IDPS must dynamically reconfigure security attributes in accordance with an identified security policy as information is created and combined.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000057-IDPS-000005	SRG-NET-000057-IDPS-000005	SRG-NET-000057-IDPS-000005_rule		Medium

Description
Security attribute assignments (e.g., metadata, classification, user access privileges, or affiliation) are abstractions representing the basic properties or characteristics of an entity. Attributes may be bound to data and then used in various applications within the IDPS to enable access control, flow control, information handling, and other information security policy processes. Examples of possible IDPS security attributes that may be used by the organization to implement security policy include: session of packet identifiers; source and destination IP addresses; protocol identifiers; traffic classification based on QoS markings for preferred treatment; or VLAN identification. Security attributes and labels should be leveraged to protect stored information as well as information flowing to external devices. Information stored and processed by the IDPS includes sensors event logs, local audit logs, and application files. Security attributes and labels must also be leveraged to protect communications between sensors, the management console, non-local management computers, firewalls, routers, and other network elements. The IDPS must have the capability to dynamically reconfigure destination addresses, user privilege assignments, and changes to traffic flow requirements. If changes to the security attributes used by upon which security policies, information workflows, and access control are not dynamic, then unauthorized subjects and entities may gain access to the information.

Description

Security attribute assignments (e.g., metadata, classification, user access privileges, or affiliation) are abstractions representing the basic properties or characteristics of an entity. Attributes may be bound to data and then used in various applications within the IDPS to enable access control, flow control, information handling, and other information security policy processes. Examples of possible IDPS security attributes that may be used by the organization to implement security policy include: session of packet identifiers; source and destination IP addresses; protocol identifiers; traffic classification based on QoS markings for preferred treatment; or VLAN identification. Security attributes and labels should be leveraged to protect stored information as well as information flowing to external devices. Information stored and processed by the IDPS includes sensors event logs, local audit logs, and application files. Security attributes and labels must also be leveraged to protect communications between sensors, the management console, non-local management computers, firewalls, routers, and other network elements. The IDPS must have the capability to dynamically reconfigure destination addresses, user privilege assignments, and changes to traffic flow requirements. If changes to the security attributes used by upon which security policies, information workflows, and access control are not dynamic, then unauthorized subjects and entities may gain access to the information.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43116_chk )
Verify a reboot or reset is not needed when security attributes (e.g., flow control information, and user privilege changes). If changes in settings for security attributes settings are not dynamically reconfigured without the need for rebooting, this is a finding.

Fix Text (F-43116_fix)
Configure the IDPS to dynamically reconfigure destination addresses, user privilege assignments, and changes to traffic flow requirements.