
The IDPS must enforce approved authorizations for controlling the flow of information within the system and its components in accordance with applicable policy.


Overview

Finding ID: V-34484
Version: SRG-NET-000018-IDPS-00018
Rule ID: SV-45260r1_rule
IA Controls:
Severity: Medium
Description
Information flow control regulates where information is allowed to travel. This control applies to the flow of information within individual IDPS components. Internal component communication, such as between the sensors and management server, is not included in this control.

The IDPS components must restrict information flow within the component to authorized communications. A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design. If information flow is not enforced based on approved authorizations, unauthorized commands, functionality, or traffic may be allowed to infiltrate security components, causing corruption or other conditions.

Examples of flow control restrictions include preventing installed applications or functions from accessing security configurations or preventing unauthorized commands from executing on the IDPS components. For most IDPS components, internal information flow control is a product of system design. However, this control can also be mitigated with a policy to control and prevent the installation of unauthorized tools.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42607r1_chk)
View the documentation for each component. Verify any configuration requirements that are needed to support internal flow control mechanisms implemented.

If the IDPS is not configured to enforce internal information flow based on approved authorizations in accordance with applicable policy restrictions, this is a finding.
Fix Text (F-38656r1_fix)
Configure the IDPS to enforce approved authorizations for controlling the flow of information within the system and its components in accordance with applicable policy.