Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IDPS must use automated mechanisms to restrict the use of maintenance tools to authorized personnel only.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000172-IDPS-000159 | SRG-NET-000172-IDPS-000159 | SRG-NET-000172-IDPS-000159_rule | Medium |
| Description |
|---|
| With the growth of widespread network delivered malware infections, organizations tend to overlook the spread of malware from system to system through removable media. Once an infected media is connected to the information system, any worms on it will spread through the system. Maintenance tools connecting to an IDPS for diagnostics could be carrying malware; therefore, their use must be restricted to authorized personnel. |
| STIG | Date |
|---|---|
| IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Details
| Check Text ( C-43299_chk ) |
|---|
| Verify non-local use of maintenance tools is restricted to authorized system administrators by asking the site representative. If the use of maintenance tools is not restricted, this is a finding. |
| Fix Text (F-43299_fix) |
|---|
| Configure the IDPS to restrict access to maintenance tools for the IDPS to authorized system administrators. |