Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IDPS must authenticate devices before establishing remote network connections using bidirectional authentication between cryptographically based devices.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000149-IDPS-000136 | SRG-NET-000149-IDPS-000136 | SRG-NET-000149-IDPS-000136_rule | Medium |
| Description |
|---|
| An IDPS must have a level of trust with any node wanting to connect to it. The remote node could be a host device requiring a layer 2 connection to the network or a router wanting to peer as a neighbor and establish a connection to exchange control plane and forwarding plane traffic. A network control plane is comprised of routing, signaling, and link management protocols; all used to establish the forwarding paths required by the data plane. Disrupting the flow of this information or injecting false information breaks down the integrity or believability of path information. To safeguard these connections it is imperative the connecting device authenticate itself prior to granting access. In the case of peering neighbors, the authentication must be bidirectional. Regardless of the paradigm, authentication must use a form of cryptography to ensure a high level of trust and authenticity. |
| STIG | Date |
|---|---|
| IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Details
| Check Text ( C-43274_chk ) |
|---|
| Verify the configuration for the management console and sensors requires access by a DoD approved multi-factor authentication (e.g., PKI, SecureID, or DoD Alternate Token). If multifactor authentication is not used for network access to privileged accounts, this is a finding. |
| Fix Text (F-43274_fix) |
|---|
| Configure local account for multi-factor authentication. |