
The IDPS must enforce approved authorizations for controlling the flow of information between interconnected systems in accordance with applicable policy.


Overview

Finding ID: V-34485
Version: SRG-NET-000019-IDPS-00019
Rule ID: SV-45262r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Information flow controls are mechanisms that regulate where information is allowed to travel between interconnected systems. This control applies to the flow of information between IDPS components, such as the management console, sensors, and other network devices. Information flow varies based on the specific implementation of the IDPS. The flow of all traffic to and from IDPS components must be monitored and controlled so that this information does not introduce any unacceptable risk to the network or the IDPS. Example: An IPS sensor may detect an event and update the network firewall ACLs. Also, the sensors periodically transmit sensor event logs to the management console.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42609r1_chk)
View each IDPS component's configuration. Verify that communication between the sensors and other network elements is configured to allow only explicitly authorized devices to access, monitor, or modify the IDPS components.

If the IDPS is not configured to enforce approved authorizations for controlling the flow of information between interconnected systems in accordance with applicable policy, this is a finding.
Fix Text (F-38658r1_fix)
Remove configuration information for unauthorized network devices from the communication functionality of the IDPS components.
Explicitly configure authorized devices in the communication functionality of the IDPS components.
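The check and fix above can be scripted as a configuration audit. The following is an added example, not part of the SRG: it assumes a hypothetical authorized-device inventory and a per-component peer allow-list (constructed sample addresses), flags any entry that admits a host outside the inventory (the check), and rewrites each list as explicit entries for authorized devices only (the fix).

```python
import ipaddress

# Constructed sample inventory of devices authorized to access, monitor or
# modify IDPS components (hypothetical names and addresses).
AUTHORIZED = {
    "mgmt-console": "10.0.0.10",
    "sensor-1": "10.0.1.21",
    "sensor-2": "10.0.1.22",
    "firewall": "10.0.2.1",
}

# Constructed sample: peers each component currently accepts management,
# monitoring or event-log connections from (hypothetical configuration).
COMPONENT_ACLS = {
    "mgmt-console": ["10.0.1.0/24", "10.0.2.1"],   # whole subnet, not explicit hosts
    "sensor-1": ["10.0.0.10", "10.0.2.1"],
    "sensor-2": ["10.0.0.10", "192.168.50.5"],     # host absent from inventory
}

def authorized_hosts(inventory=AUTHORIZED):
    return {ipaddress.ip_address(a) for a in inventory.values()}

def audit_component(peers, auth):
    """Check: return allow-list entries that admit any non-inventory host.
    A prefix passes only if every address it covers is an authorized device."""
    bad = []
    for entry in peers:
        net = ipaddress.ip_network(entry, strict=False)
        covered = sum(1 for h in auth if h in net)
        if covered != net.num_addresses:
            bad.append(entry)
    return bad

def remediate_component(peers, auth):
    """Fix: drop entries covering unauthorized hosts and replace any prefix
    by explicit host entries for the authorized devices it contained."""
    fixed = []
    for entry in peers:
        net = ipaddress.ip_network(entry, strict=False)
        fixed.extend(str(h) for h in sorted(auth) if h in net)
    return sorted(set(fixed), key=ipaddress.ip_address)

def audit_all(acls=COMPONENT_ACLS, inventory=AUTHORIZED):
    """Return {component: (is_finding, unauthorized_entries, remediated_acl)}."""
    auth = authorized_hosts(inventory)
    report = {}
    for name, peers in acls.items():
        bad = audit_component(peers, auth)
        report[name] = (bool(bad), bad, remediate_component(peers, auth))
    return report
```

A component with any unauthorized entry is reported as a finding; the remediated list is what the fix text asks for, explicit authorized devices only.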