The IDPS must detect unauthorized changes to software and information.


Overview

Finding ID: SRG-NET-000271-IDPS-000247
Version: SRG-NET-000271-IDPS-000247
Rule ID: SRG-NET-000271-IDPS-000247_rule
IA Controls:
Severity: Medium
Description
Anomalous behavior and unauthorized changes must be detected before the IDPS is breached or no longer in service. Identifying the source and method used to make the unauthorized change will help to determine what data is at risk and whether other systems may be affected. HIDS software must be installed on the IDPS devices and sensors to protect the device itself from being breached and to monitor for unauthorized application file changes. This requirement is applicable to network appliances. For sensors with an underlying operating system, a compliance review of the operating system is required, which will include this HIDS requirement.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43420_chk)
Verify file integrity software has been installed on each sensor and management console (i.e., HIDS).
Verify file integrity software is configured to monitor and alert if IDPS software is changed.

If the system is not configured to detect unauthorized changes to software and information, this is a finding.
Fix Text (F-43420_fix)
Install file integrity software on each sensor and management console.
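
The detection that the check text expects from file integrity software can be sketched as a baseline-and-compare over the monitored directory. This is an added example, not part of the SRG or of any HIDS product; the function names and the sample file names (sensor.bin, sensor.conf, rules/local.rules) are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=65536):
    """Hash in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    hashes = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hashes[rel] = sha256_file(full)
    return hashes

def diff_snapshots(baseline, current):
    """Report paths whose content changed, appeared or disappeared."""
    shared = baseline.keys() & current.keys()
    return {
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }

def demo():
    """Constructed tree standing in for a sensor's software directory."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "rules"))
        def write(rel, data):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        for rel in ("sensor.bin", "sensor.conf", "rules/local.rules"):
            write(rel, b"approved " + rel.encode())
        baseline = snapshot(root)  # taken at the approved, known-good state
        write("sensor.conf", b"tampered")      # unapproved edit
        write("rules/extra.rules", b"new")     # unapproved new file
        os.remove(os.path.join(root, "sensor.bin"))  # unapproved deletion
        return diff_snapshots(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Any non-empty list in the result is what should raise an alert. The baseline has to be kept off the monitored device or otherwise protected, because an account able to change the software can also rewrite a baseline stored next to it.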