The IDPS must enforce a Discretionary Access Control (DAC) policy that limits propagation of access rights.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000306-IDPS-000037	SRG-NET-000306-IDPS-000037	SRG-NET-000306-IDPS-000037_rule		Low

Description
Access control policies (e.g., identity-based policies, role-based policies, etc) and access enforcement mechanisms (e.g., access control lists, policy maps, and cryptography) are used to control access between users and objects (e.g., devices, data, destination addresses, etc.) within in the network. Without these security policies, access control and enforcement mechanisms will not prevent unauthorized access to user account information, system logs, and other files.

Description

Access control policies (e.g., identity-based policies, role-based policies, etc) and access enforcement mechanisms (e.g., access control lists, policy maps, and cryptography) are used to control access between users and objects (e.g., devices, data, destination addresses, etc.) within in the network. Without these security policies, access control and enforcement mechanisms will not prevent unauthorized access to user account information, system logs, and other files.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43155_chk )
Verify the site has configured the IDPS to implement DAC. Access could be granted based on file types, location, metadata, or source/destination IP address. If DAC techniques are not used for security control, this is a finding.

Fix Text (F-43155_fix)
Configure the IDPS components using DAC as required by organizationally defined policies.