UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must support the requirement to centrally manage the events from multiple sensor queues.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000081-IDPS-000078 SRG-NET-000081-IDPS-000078 SRG-NET-000081-IDPS-000078_rule Medium
Description
Centrally managing data captured by the various sensors provides for easier management of network events and is an effective facility for monitoring and the automatic generation of alert notification. The repository of audit data can facilitate troubleshooting when problems are encountered and can assist in performing root cause analysis. A repository of audit data can also be correlated in real time to identify suspicious behavior or be archived for review at a later time for research and analysis. IDPS sensors are managed from a maintenance console or server installed on the management network. Configuration and management of the sensor configuration, except for initial network configuration, must be performed through accessing the management console. Without the ability to centrally manage events, troubleshooting and correlation of suspicious behavior will be difficult and may lead to or prolong the attack.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text ( C-43206_chk )
Verify a management console or server is used to manage the configuration and events logs for all sensors.

If sensor configuration and events cannot be managed centrally, this is a finding.
Fix Text (F-43206_fix)
Install and configure a management console to provide central management of sensor events.