The IPS must monitor and enforce filtering of internal addresses posing a threat to external information systems.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000204-IDPS-000209 | SRG-NET-000204-IDPS-000209 | SRG-NET-000204-IDPS-000209_rule | Medium |
| Description |
|---|
| Monitoring and filtering the outbound traffic adds a layer of protection to the enclave. Unlike an IDS, an IPS can both detect and take action to prevent harmful traffic from leaving the network. Blocking harmful outbound traffic can also prevent the network from being used as the source of an attack. |
| STIG | Date |
|---|---|
| IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Details
| Check Text ( C-43370_chk ) |
|---|
| Inspect the rules installed on the IPS. Verify rules exist that monitor and block outbound traffic with internal source addresses that is harmful or will pose a threat to external information systems. If rules do not exist to enforce filtering of internal addresses posing a threat to external information systems, this is a finding. |
| Fix Text (F-43370_fix) |
|---|
| Configure the IPS with rules to enforce filtering of internal addresses posing a threat to external information systems. |