
The IDPS must allow administrators to select which rule sets are to be logged at the management console and sensor level.


Overview

Finding ID: SRG-NET-000114-IDPS-000074
Version: SRG-NET-000114-IDPS-000074
Rule ID: SRG-NET-000114-IDPS-000074_rule
IA Controls:
Severity: Medium
Description
All sensors of the IDPS must be configurable with the organizationally defined rules. This requirement does not require each sensor to be configured with separate rule sets; however, this capability must be available to meet the need to respond to future attack vectors. If administrators do not have granular control over which rules are applied and logged for later analysis, then malicious attacks may be missed.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43202_chk)
For each sensor and management console (management console sensor), perform the following:
Verify sensor rules (local and vendor-provided) can be configured and/or selected at the sensor level.
Verify the IDPS sensors have the capability to be configured with separate rule sets.

If the IDPS does not allow administrators to select which rule sets are to be logged at the sensor level, this is a finding.
Fix Text (F-43202_fix)
Configure the sensors with rule sets according to the security policy of the network segment or VLAN.