The IDPS must enforce dual authorization based on organizational policies and procedures for organizationally defined privileged commands.


Overview

Finding ID: V-34482
Version: SRG-NET-000016-IDPS-00016
Rule ID: SV-45258r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Dual authorization mechanisms require two forms of approval to execute. An organization may determine certain commands or IDPS configuration changes require dual authorization before being activated. However, an organization should not employ dual authorization mechanisms when an immediate response is necessary to ensure public and environmental safety. If dual authorization is not automatically enforced by the system, system administrators would be able to change the system configuration without oversight from a second administrator when required by the site security policy. If dual authorization is a requirement for the site, this control applies to the IDPS sensor logs and other files.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2012-11-19

Details

Check Text (C-42605r1_chk)
Inspect the management console configuration. Verify the settings enabling dual authorization are configured. Verify these settings cannot be disabled without dual authorization.

If the IDPS settings to enable dual authorization are not enabled, this is a finding.
Fix Text (F-38654r1_fix)
Enable IDPS settings to require dual authorization for organizationally defined privileged commands.