The IDPS must provide notification of failed automated security tests.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000269-IDPS-000246	SRG-NET-000269-IDPS-000246	SRG-NET-000269-IDPS-000246_rule		Medium

Description
Upon detection of a failure of an automated security self-test, the network element must respond in accordance with organizationally defined responses and alternative actions. Without taking any self-healing actions or notifying an administrator, the defense of the element and the network is left vulnerable and both could be breached. If system administrators are not alerted to failed security tests, the systems' defense, the system could have become compromised without the knowledge of the system administrators.

Description

Upon detection of a failure of an automated security self-test, the network element must respond in accordance with organizationally defined responses and alternative actions. Without taking any self-healing actions or notifying an administrator, the defense of the element and the network is left vulnerable and both could be breached. If system administrators are not alerted to failed security tests, the systems' defense, the system could have become compromised without the knowledge of the system administrators.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43418_chk )
Verify alerts are enabled to notify system administrators of failed security self-tests when they occur on any of the sensors or management console. If the system is not configured to provide notification of failed automated security tests, this is a finding.

Fix Text (F-43418_fix)
Enable notifications for failed security self-tests on each IDPS component. Configure the notification to alert the system administrator on failure of the self-tests.