
The IDPS must implement an isolation boundary to minimize the number of non-security functions included within the boundary containing security functions.


Overview

Finding ID: SRG-NET-000187-IDPS-000198
Version: SRG-NET-000187-IDPS-000198
Rule ID: SRG-NET-000187-IDPS-000198_rule
IA Controls:
Severity: Medium
Description
The IDPS must be designed and configured to minimize the number of non-security functions included within the boundary containing security functions. An isolation boundary, implemented via partitions and domains, must be used to minimize the mixture of these functions, thus minimizing the risk of leakage or corruption of privileged information. This control is normally a function of the IDPS application design and is usually not a configurable setting; however, in some applications, there may be settings that must be configured to optimize function isolation.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text ( C-43351_chk )
Verify that the application is designed to separate security functions from non-security functions (i.e., by running them in separate address spaces) for executing processes.

If the vendor application design documentation indicates there is no boundary separation between security functions, this is a finding.
Fix Text (F-43351_fix)
Enable settings to create an isolation boundary.
Configure the network boundary to minimize the number of non-security functions included within the boundary which contains security functions.