Because the accounts in the IDPS are privileged or system-level accounts, account management and distribution are vital to the security of the IDPS. If an attacker compromises an account, IDPS components (e.g., sensors, management console/server, and load balancers) are at risk. Providing automated support functions for the management of accounts ensures that only active accounts are granted access, and only with the proper authorization levels.
As accounts are created or terminated and privilege levels are updated, the IDPS must be configured so that it automatically recognizes and supports this activity and immediately enforces the current account policy.
IDPS applications do not use specific accounts other than for administrative purposes. This requirement is applicable for temporary accounts created or maintained using the IDPS application itself rather than the underlying OS or an authentication server. Accounts created and maintained on AAA devices (e.g., RADIUS, LDAP, or Active Directory) are secured using the applicable security guide or STIG.