
The IDPS must be configured to detect the presence of unauthorized software on organizational information systems.


Overview

Finding ID: SRG-NET-000181-IDPS-000168
Version: SRG-NET-000181-IDPS-000168
Rule ID: SRG-NET-000181-IDPS-000168_rule
IA Controls:
Severity: Medium
Description
The goal of running vulnerability assessment scans is to identify devices on your network that are open to known vulnerabilities. Malicious software such as Trojan horses, hacker tools, DDoS (Distributed Denial of Service) agents, and spyware can establish a management console on individual desktops and servers. Many of these are not detected by anti-virus software or even host intrusion detection systems. Without the detection and prevention of malicious software, unauthorized users may gain access to sensitive data by assuming the identity of authorized users.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43308_chk)
Verify the use of signatures or rules that monitor for unauthorized software.

If IDPS signatures are not used to monitor the network, this is a finding.
Fix Text (F-43308_fix)
Configure the IDPS sensors to detect unauthorized software.