The IDPS must implement automatic safeguards and countermeasures if security functions or mechanisms are changed inappropriately.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000124-IDPS-000115	SRG-NET-000124-IDPS-000115	SRG-NET-000124-IDPS-000115_rule		Medium

Description
Changes to any software components of the IDPS can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals are allowed administrative access to the IDPS for implementing any changes or upgrades. In order to ensure a prompt response to unauthorized changes to IDPS security functions, the organizations will define the safeguards the device must undertake in the event these changes occur.

Description

Changes to any software components of the IDPS can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals are allowed administrative access to the IDPS for implementing any changes or upgrades. In order to ensure a prompt response to unauthorized changes to IDPS security functions, the organizations will define the safeguards the device must undertake in the event these changes occur.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43246_chk )
Verify only qualified and authorized individuals have administrative access to the IDPS for implementing any changes or upgrades. If individuals other than the authorized system administrators are allowed to upgrade or change the software, including signature files and rules, this is a finding.

Fix Text (F-43246_fix)
Restrict access to IDPS sensors and components to authorized system administrators only.