The IDPS must preserve organizationally defined system state information in the event of a system failure.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000236-IDPS-000192 | SRG-NET-000236-IDPS-000192 | SRG-NET-000236-IDPS-000192_rule | Low |
| Description |
|---|
| Failure in a known state can address safety or security in accordance with the mission needs of the organization. Failure in a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving system state information facilitates system restart and return to the operational mode of the organization with less disruption of the network. Site should have a failover solution in place in case of system fault. IDPS systems may include failover configuration using multiple management servers, logging databases, and sensor load balancers. |
| STIG | Date |
|---|---|
| IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Details
| Check Text ( C-43345_chk ) |
|---|
| Examine the configuration settings for hardware and/or application failover of the sensors. Verify the IDPS sensors are configured to preserved system state information upon failure. Verify the management console is configured to preserve organizationally defined system state information upon failure. If a failover method is not in use, this is a finding. |
| Fix Text (F-43345_fix) |
|---|
| Configure the system failover or hardware/software failure settings to preserve organizationally defined system state information in the event of a system failure. |