
The IDPS must activate an organizationally defined alarm when a system component failure is detected.


Overview

Finding ID: SRG-NET-000274-IDPS-000218
Version: SRG-NET-000274-IDPS-000218
Rule ID: SRG-NET-000274-IDPS-000218_rule
IA Controls: (none listed)
Severity: Low
Description
An IDPS with a failing security component can potentially put the entire network at risk. If components key to maintaining network security fail to function, it is possible the IDPS will continue operating in an insecure state. It is imperative that this not occur; the IDPS must therefore immediately send an alarm or shut down.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43381_chk)
Verify the system has the capability to automatically take action or send an administrator alarm when sensors are unexpectedly taken offline or fail. A keep-alive signal or monitoring functionality should be used to detect sensor failure from a central management tool.

If the sensors and other components deemed critical to monitoring network segments are not monitored for failure and unexpected offline events, this is a finding.
Fix Text (F-43381_fix)
Configure each sensor to automatically send an alarm or notification on failure of any sensor or other critical components (e.g., log aggregation data management console server).
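
The keep-alive monitoring named in the Check Text, sketched as an added example (not part of the SRG or of any IDPS product): a central monitor that alarms once when a sensor or other critical component goes silent unexpectedly and stays quiet for a planned outage. The class, the component names and the 30-second timeout are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class KeepAliveMonitor:
    """Central-management view of component keep-alives (hypothetical design)."""
    timeout: float                                  # seconds of silence tolerated
    last_seen: dict = field(default_factory=dict)   # component -> last keep-alive time
    maintenance: set = field(default_factory=set)   # components taken offline on purpose
    alarmed: set = field(default_factory=set)       # components with an open alarm

    def register(self, component, now):
        # Registration starts the clock, so a component that never
        # reports at all is still detected as failed.
        self.last_seen[component] = now

    def keep_alive(self, component, now):
        self.last_seen[component] = now
        self.alarmed.discard(component)             # recovery closes the alarm

    def poll(self, now):
        """Return alarms for components that went silent unexpectedly."""
        alarms = []
        for component, seen in sorted(self.last_seen.items()):
            silent = now - seen
            if silent <= self.timeout or component in self.maintenance:
                continue
            if component not in self.alarmed:       # alarm once per outage
                self.alarmed.add(component)
                alarms.append(f"ALARM {component}: no keep-alive for {silent:.0f}s")
        return alarms

def demo():
    # Constructed scenario: component names and times are sample values.
    mon = KeepAliveMonitor(timeout=30)
    for name in ("sensor-dmz", "sensor-core", "log-aggregator"):
        mon.register(name, now=0)
    mon.maintenance.add("sensor-core")              # planned outage, no alarm
    mon.keep_alive("sensor-dmz", now=20)
    first = mon.poll(now=45)     # log-aggregator never reported after registering
    second = mon.poll(now=60)    # sensor-dmz has now been silent for 40s
    mon.keep_alive("log-aggregator", now=61)
    third = mon.poll(now=100)    # log-aggregator recovered, then failed again
    return first, second, third

if __name__ == "__main__":
    for batch in demo():
        print(batch)
```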