
The IDPS must notify an organizationally defined list of incident response personnel of suspicious events.


Overview

Finding ID: SRG-NET-000259-IDPS-000242
Version: SRG-NET-000259-IDPS-000242
Rule ID: SRG-NET-000259-IDPS-000242_rule
IA Controls:
Severity: Medium
Description
Monitoring outbound traffic enables the network operator to detect an attack towards another network with the local enclave as the base. When a compromise, potential compromise, or breach has been discovered by the intrusion detection system, it is critical the appropriate personnel are notified via an alert mechanism.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43414_chk)
Inspect the alerts configured on the IDS or IPS.
Verify the sensors are configured to alert the various individuals when specific events (as defined by the organization) are detected.

If the IDPS is not configured to alert specific individuals when suspicious events are detected, this is a finding.
Fix Text (F-43414_fix)
Implement alerts to notify specific individuals when suspicious events are detected.