Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19256 | NET-IDPS-013 | SV-21171r1_rule | EBBD-1 | Medium |
Description |
---|
Because there is no industry agreed-upon set of definitions for IDPS controls, the term signature is used here for all IDPS technologies. A signature identifies something, defines it, and then stops it from occurring. Signatures fall into one of two basic categories depending on their functionality: atomic and stateful. Atomic signatures trigger on a single event; they do not require the intrusion system to maintain state. The entire inspection can be accomplished in an atomic operation that does not require any knowledge of past or future activities. These signatures consume minimal resources (such as memory) on the IPS/IDS device. They are easy to understand because they search only for a specific event. |
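
The following is an added example, not part of the STIG or of any vendor's product, contrasting the atomic signatures described above with a stateful one. The signature fields, signature IDs, class name and events are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not from a real capture): one dict per packet.
EVENTS = [
    {"t": 0.0, "src": "10.0.0.5", "proto": "tcp", "dport": 80, "payload": b"GET /index.html HTTP/1.1"},
    {"t": 0.4, "src": "10.0.0.9", "proto": "tcp", "dport": 80, "payload": b"GET /../../etc/passwd HTTP/1.1"},
    {"t": 0.9, "src": "10.0.0.7", "proto": "tcp", "dport": 23, "payload": b""},
    {"t": 1.1, "src": "10.0.0.7", "proto": "tcp", "dport": 23, "payload": b""},
    {"t": 1.3, "src": "10.0.0.7", "proto": "tcp", "dport": 23, "payload": b""},
]

# Hypothetical atomic signatures: every field is tested against ONE event.
ATOMIC_SIGS = [
    {"id": "A-1", "proto": "tcp", "dport": 80, "contains": b"../"},
    {"id": "A-2", "proto": "tcp", "dport": 23, "contains": b""},  # any Telnet packet
]

def match_atomic(event, sigs=ATOMIC_SIGS):
    """Pure function of a single event: no history is read or written."""
    return [s["id"] for s in sigs
            if event["proto"] == s["proto"]
            and event["dport"] == s["dport"]
            and s["contains"] in event["payload"]]

class StatefulThreshold:
    """Contrast case: fires after `count` hits from one source within `window` seconds."""
    def __init__(self, dport, count, window):
        self.dport, self.count, self.window = dport, count, window
        self.seen = defaultdict(list)  # per-source timestamps the sensor must keep in memory

    def feed(self, event):
        if event["dport"] != self.dport:
            return False
        hits = [t for t in self.seen[event["src"]] if event["t"] - t <= self.window]
        hits.append(event["t"])
        self.seen[event["src"]] = hits
        return len(hits) >= self.count

def run(events):
    """Return per-event atomic matches, stateful firing times, and tracked-source count."""
    stateful = StatefulThreshold(dport=23, count=3, window=5.0)
    atomic = [(e["t"], match_atomic(e)) for e in events]
    fired = [e["t"] for e in events if stateful.feed(e)]
    return atomic, fired, len(stateful.seen)

if __name__ == "__main__":
    print(run(EVENTS))
```

The atomic matcher gives the same answer for an event whether or not earlier traffic was seen, while the threshold signature only fires once the sensor has accumulated per-source history.
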
STIG | Date |
---|---|
IDS/IPS Security Technical Implementation Guide | 2013-10-08 |
Check Text (C-23289r1_chk) |
---|
Identify the IDPS product and discuss the atomic signature installation with the SA. As defined above, regardless of the product type, there are signatures that require state and those that do not. Ensure the atomic signatures are applied to all IDPS within the enclave. Because atomic signatures keep no state, implementing them does not degrade product performance significantly. Validate that the signatures are current. |
Fix Text (F-19911r1_fix) |
---|
Apply atomic signatures to all IDPS components in the enclave. Create a change management process to receive atomic signatures daily from the vendor if available; otherwise, receive them as frequently as the vendor makes them available. |