UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must allow administrators to select which rule sets are to be logged at the management console and sensor level.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000114-IDPS-000074 SRG-NET-000114-IDPS-000074 SRG-NET-000114-IDPS-000074_rule Medium
Description
All sensors of the IDPS must be configurable with the organizationally defined rules. This requirement does not require each sensor be configured with separate rule sets; however, this capability must be available to meet the need to respond to future attack vectors. If administrators do not have granular control of the rule to be applied and logged for later analysis, then malicious attacks may be missed.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text ( C-43202_chk )
For each sensor and management console (management console sensor) perform the following.
Verify sensor rules (local and vendor-provided) can be configured and/or selected at the sensor level.
Verify the IDPS sensors have the capability to be configured with separate rule sets.

If the IDPS does not allow administrators to select which rules sets are to be logged at the sensor level, this is a finding.
Fix Text (F-43202_fix)
Configure the sensors with rule sets according to the security policy of the network segment or VLAN.