Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IDPS must allow authorized administrators to enable/disable organizationally defined security policy filters.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34491 | SRG-NET-000021-IDPS-00023 | SV-45304r1_rule | Medium |
| Description |
|---|
| Organizationally defined security policy filters include, dirty word filters, file type checking filters, structured data filters, unstructured data filters, metadata content filters, and hidden content filters. Configuration and enforcement of administrator privileges ensures only authorized users have access to certain commands and functions on the IDPS. This control can be met by assigning the privilege to enable or disable security policy filters to privilege groups and then assigning users to these groups. Authorization to add, modify, or delete security policy filters must require the highest privilege level. If system administrators cannot be configured with different security privileges, then need-to-know cannot be enforced. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42652r1_chk ) |
|---|
| Verify only authorized IDPS administrators have accounts capable of enabling or disabling rules and signatures. If users who are not system administrators are permitted access to the sensors or other components, this is a finding. If audit or other restricted administrators have access to enable and disable rules and signatures, this is a finding. |
| Fix Text (F-38700r1_fix) |
|---|
| Assign the privileges to enable and disable organizationally defined security policy filters to security groups. Assign only administrators who are authorized to perform enabling and disabling of security policy filters to these security groups. |