The IDPS must be configured to perform periodic self-tests that verify security functionality is operational during system state changes (i.e., initialization, shutdown, and aborts.).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000267-IDPS-000245	SRG-NET-000267-IDPS-000245	SRG-NET-000267-IDPS-000245_rule		Low

Description
The integrity of security functions during system state changes will be periodically tested. Tests will determine the system is operating as required during each system state. The organization will define the states and conditions of operations. The frequency of these integrity checks will be also be organizationally determined. Recommendation is annual testing. The need to verify security functionality is necessary to ensure the IDPS's defense is enabled. If all security functions are not operating efficiently, the defense of the element and the network is left vulnerable and both could be breached. The security functionality for IDPS implementations is: information gathering, logging, detection, and prevention. If security functionality is not verified, the systems' defense, the system could have become compromised without the knowledge of the system administrators. If automated self-tests are not available for all devices, then implement one of the following alternatives: (i) Document the risk as accepted. (ii) Provide and document manual testing procedures.

Description

The integrity of security functions during system state changes will be periodically tested. Tests will determine the system is operating as required during each system state. The organization will define the states and conditions of operations. The frequency of these integrity checks will be also be organizationally determined. Recommendation is annual testing. The need to verify security functionality is necessary to ensure the IDPS's defense is enabled. If all security functions are not operating efficiently, the defense of the element and the network is left vulnerable and both could be breached. The security functionality for IDPS implementations is: information gathering, logging, detection, and prevention. If security functionality is not verified, the systems' defense, the system could have become compromised without the knowledge of the system administrators. If automated self-tests are not available for all devices, then implement one of the following alternatives: (i) Document the risk as accepted. (ii) Provide and document manual testing procedures.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43417_chk )
Verify automated self-tests are enabled on each component of the IDPS. Verify the automated self-tests are configured to run periodically (as defined by the organization requirements.) If the system is not configured to perform periodic self-tests that verify security functionality is operational during system state changes, this is a finding.

Fix Text (F-43417_fix)
Enable automation self-tests on each IDPS component.