Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IDPS must enforce access restrictions associated with changes to the information system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000118-IDPS-000116 | SRG-NET-000118-IDPS-000116 | SRG-NET-000118-IDPS-000116_rule | Medium |
| Description |
|---|
| Changes to the hardware or software components of the IDPS can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should be allowed administrative access to the IDPS for implementing any changes or upgrades. This requirement applies to update of the application files, configuration, and signatures. Changes to the operating system will be addressed in the operating system STIG. |
| STIG | Date |
|---|---|
| IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Details
| Check Text ( C-43247_chk ) |
|---|
| Ask the site representative how hardware and software maintenance is done. Verify only authorized users have permissions for changes, deletes and updates on the IDPS. If unauthorized users are allowed to change the hardware or application software, this is a finding. |
| Fix Text (F-43247_fix) |
|---|
| Configure the IDPS to the minimum required to maintain the system. If there is a maintenance log, inspect it to verify changes are being made only by the system administrators. |