UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS Administrator will ensure Atomic Signatures are implemented to protect the enclave.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19256 NET-IDPS-013 SV-21171r1_rule EBBD-1 Medium
Description
Without an industry agreed-upon set of definitions for IDPS controls, the use of the term signature will apply to all IDPS technologies. Signatures are defined as identifying something, defining it and then stop it from occurring. Signatures fall into one of the following two basic categories depending on their functionality: - Atomic - Stateful Atomic signatures trigger on a single event, they do not require your intrusion system to maintain state. The entire inspection can be accomplished in an atomic operation that does not require any knowledge of past or future activities. these signatures consume minimal resources (such as memory) on the IPS/IDS device. These signatures are easy to understand because they search only for a specific event.
STIG Date
IDS/IPS Security Technical Implementation Guide 2013-10-08

Details

Check Text ( C-23289r1_chk )
Identify the IDPS product and discuss the atomic signature installation with the SA. As defined above, regardless of the product type there are signatures that require state and those that do not. Ensure the atomic signatures are applied to all IDPS within the enclave. As a result of no statefulness, the implementation of atomic signatures do not degrade product performance significantly. Validate the signatures are current.
Fix Text (F-19911r1_fix)
Apply Atomic Signatures to all IDPS components in the enclave. Create a Change management process to receive Atomic signatures daily from the vendor if available, else as frequently as available by vendor.