Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000257-IDPS-000239 | SRG-NET-000257-IDPS-000239 | SRG-NET-000257-IDPS-000239_rule | | Medium |
Description |
---|
When the intrusion detection system discovers a compromise, potential compromise, or breach, it is critical that the appropriate personnel are notified through an alert mechanism. Near real-time alerts for critical events let administrators respond to these compromise indicators promptly; other alert types may be missed if the administrators are not logged in or present at the management console. |
STIG | Date |
---|---|
IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Check Text ( C-43411_chk ) |
---|
Inspect the alert functionality using the management console. Verify the system is configured to send alerts to email addresses or monitored system screens when any event on the organizationally defined list occurs. If the system is not configured to provide near real-time alerts when any of the organizationally defined compromise or potential compromise indicators occurs, this is a finding. |
Fix Text (F-43411_fix) |
---|
Configure the IDPS to alert the administrators using email or another near real-time method when an organizationally defined list of events that may indicate an attack or other security violation occurs. |
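As an added illustration of the check above (example code written for this page, not part of the SRG and not tied to any specific IDPS product), the script below audits an exported alert policy against an organizationally defined indicator list and reports every indicator that has no enabled near real-time alert route. The policy format, the indicator list, the set of methods treated as near real-time and the delay threshold are all constructed assumptions.

```python
"""Audit an IDPS alert policy for the near real-time alerting requirement.

All data below is constructed for illustration; the policy schema is an
assumption, not any vendor's export format.
"""

# Assumption: delivery methods an organization treats as near real-time.
NEAR_REAL_TIME_METHODS = {"email", "console", "siem-forward", "sms"}
# Assumption: a route delayed more than this many seconds is not near real-time.
MAX_DELAY_SECONDS = 300

# Constructed organizationally defined list of compromise indicators.
ORG_DEFINED_EVENTS = [
    "malware-detected",
    "c2-beacon",
    "privilege-escalation",
    "ids-engine-stopped",
]

# Constructed sample of an exported alert policy: event -> list of routes.
SAMPLE_POLICY = {
    "malware-detected": [{"method": "email", "delay_s": 60, "enabled": True}],
    "c2-beacon": [{"method": "daily-report", "delay_s": 86400, "enabled": True}],
    "privilege-escalation": [{"method": "console", "delay_s": 0, "enabled": False}],
    # "ids-engine-stopped" has no route at all.
}


def route_is_near_real_time(route):
    """True if the route is enabled, uses a near real-time method, and is prompt."""
    return (route.get("enabled", False)
            and route.get("method") in NEAR_REAL_TIME_METHODS
            and route.get("delay_s", 0) <= MAX_DELAY_SECONDS)


def find_unalerted_events(policy, events):
    """Return the indicators that lack any enabled near real-time alert route."""
    return [event for event in events
            if not any(route_is_near_real_time(r) for r in policy.get(event, []))]


def assess(policy, events):
    """Map the audit result onto the check text's finding / not-a-finding outcome."""
    missing = find_unalerted_events(policy, events)
    return {"status": "finding" if missing else "not a finding", "missing": missing}


if __name__ == "__main__":
    result = assess(SAMPLE_POLICY, ORG_DEFINED_EVENTS)
    print(result["status"])
    for event in result["missing"]:
        print(f"  no near real-time alert route for: {event}")
```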