The IDPS must employ automated mechanisms to respond to unauthorized changes to organizationally defined configuration settings.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000128-IDPS-000120	SRG-NET-000128-IDPS-000120	SRG-NET-000128-IDPS-000120_rule		Medium

Description
Uncoordinated or incorrect configuration changes to network components can potentially lead to network outages and possibly compromises. Centrally managing configuration changes for the IDPS can ensure they are done at the correct time and if necessary in synchronization with each other which can be vital for nodes that peer and require compatible configurations. Centralized configuration management also provides visibility and tracking of enterprise level activity promoting a sound configuration management procedure as well as an automatic mechanism to initiate an alert when an unauthorized change has been detected.

Description

Uncoordinated or incorrect configuration changes to network components can potentially lead to network outages and possibly compromises. Centrally managing configuration changes for the IDPS can ensure they are done at the correct time and if necessary in synchronization with each other which can be vital for nodes that peer and require compatible configurations. Centralized configuration management also provides visibility and tracking of enterprise level activity promoting a sound configuration management procedure as well as an automatic mechanism to initiate an alert when an unauthorized change has been detected.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43251_chk )
Verify the IDPS is configured to alarm or send an alert when changes, updates, and deletions are made. If automated mechanisms are not configured to respond to unauthorized changes in configuration settings, this is a finding.

Fix Text (F-43251_fix)
Configure the IDPS to alert on changes in configuration settings to network components.