The IDPS must use a vendor-supported version of the firmware and application software.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000242-IDPS-000220	SRG-NET-000242-IDPS-000220	SRG-NET-000242-IDPS-000220_rule		Low

Description
The system administrator must monitor IAVM, OS, or OEM patch or vulnerability notices. Software flaw remediation and tracking is ideally performed by a patch management/remediation server. Depending on the IDPS used, this requirement can be accomplished by configuring the device to work with the remediation server. However, it is also acceptable if the remediation server is configured to fulfill this requirement and notify the administrator when updates are required. It is not recommended for the IDPS to directly connect to the vendor or any other external site. A patch management server must be used as the source of software updates. Unsupported versions will lack security enhancements as well as support provided by the vendors to address vulnerabilities.

Description

The system administrator must monitor IAVM, OS, or OEM patch or vulnerability notices. Software flaw remediation and tracking is ideally performed by a patch management/remediation server. Depending on the IDPS used, this requirement can be accomplished by configuring the device to work with the remediation server. However, it is also acceptable if the remediation server is configured to fulfill this requirement and notify the administrator when updates are required. It is not recommended for the IDPS to directly connect to the vendor or any other external site. A patch management server must be used as the source of software updates. Unsupported versions will lack security enhancements as well as support provided by the vendors to address vulnerabilities.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43383_chk )
Research the vendor's vulnerability list and current version/revision. This can be obtained on the vendor's support page of the website. Verify security patches and software updates are still being issued for the installed version of the IDPS firmware of application software. If the system is not configured to use a vendor-supported version of the firmware or application software, this is a finding.

Check Text ( C-43383_chk )

Research the vendor's vulnerability list and current version/revision.
This can be obtained on the vendor's support page of the website.
Verify security patches and software updates are still being issued for the installed version of the IDPS firmware of application software.

If the system is not configured to use a vendor-supported version of the firmware or application software, this is a finding.

Fix Text (F-43383_fix)
Configure the IDPS to use a vendor-supported version of the firmware or application software.