
The IDPS Administrator will ensure Atomic Signatures are implemented to protect the enclave.


Overview

Finding ID: V-19256
Version: NET-IDPS-013
Rule ID: SV-21171r1_rule
IA Controls: EBBD-1
Severity: Medium
Description
Without an industry agreed-upon set of definitions for IDPS controls, the term signature will apply to all IDPS technologies. Signatures are defined as identifying something, defining it, and then stopping it from occurring. Signatures fall into one of the following two basic categories depending on their functionality:
- Atomic
- Stateful
Atomic signatures trigger on a single event; they do not require the intrusion system to maintain state. The entire inspection can be accomplished in an atomic operation that does not require any knowledge of past or future activities. These signatures consume minimal resources (such as memory) on the IPS/IDS device. They are easy to understand because they search only for a specific event.
STIG Date
IDS/IPS Security Technical Implementation Guide 2013-10-08

Details

Check Text (C-23289r1_chk)
Identify the IDPS product and discuss the atomic signature installation with the SA. As defined above, regardless of the product type there are signatures that require state and those that do not. Ensure the atomic signatures are applied to all IDPS within the enclave. Because atomic signatures keep no state, implementing them does not degrade product performance significantly. Validate that the signatures are current.
Fix Text (F-19911r1_fix)
Apply atomic signatures to all IDPS components in the enclave. Create a change management process to receive atomic signatures daily from the vendor if available; otherwise, receive them as frequently as the vendor makes them available.
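
The atomic/stateful distinction from the Description, shown as an added example that is not part of the STIG or any vendor's signature set. The packet model, signature names, threshold and sample traffic are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on this one packet

# Atomic signatures: each is a pure predicate over ONE packet (hypothetical names).
ATOMIC_SIGNATURES = {
    "same-src-dst": lambda p: p.src == p.dst,            # source equals destination
    "syn-fin-set": lambda p: {"SYN", "FIN"} <= p.flags,  # illegal flag combination
}

def match_atomic(packet):
    """Names of atomic signatures this packet triggers; nothing is remembered."""
    return sorted(n for n, pred in ATOMIC_SIGNATURES.items() if pred(packet))

class PortSweepSignature:
    """Stateful contrast: fires once a source has sent SYNs to `threshold` ports."""
    def __init__(self, threshold=3):
        self.threshold = threshold
        self.ports_by_src = defaultdict(set)  # memory grows with tracked sources

    def inspect(self, packet):
        if packet.flags != frozenset({"SYN"}):
            return False
        seen = self.ports_by_src[packet.src]
        seen.add(packet.dport)
        return len(seen) >= self.threshold

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Packet("192.0.2.10", "198.51.100.5", 22, frozenset({"SYN"})),
    Packet("192.0.2.10", "198.51.100.5", 23, frozenset({"SYN"})),
    Packet("198.51.100.5", "198.51.100.5", 80, frozenset({"SYN"})),
    Packet("192.0.2.10", "198.51.100.5", 25, frozenset({"SYN"})),
    Packet("203.0.113.7", "198.51.100.5", 443, frozenset({"SYN", "FIN"})),
]

def run(packets):
    sweep = PortSweepSignature()
    return [(match_atomic(p), sweep.inspect(p)) for p in packets]

if __name__ == "__main__":
    for p, (atomic, stateful) in zip(SAMPLE, run(SAMPLE)):
        print(p.src, p.dport, atomic, "port-sweep" if stateful else "")
```

The atomic verdict for a packet is the same whatever arrived before it, while the sweep signature only fires on the fourth packet because it remembers the two earlier ones.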