The IDPS must provide the capability for a privileged administrator to configure the organizationally defined security policy filters to support different security policies.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34492 | SRG-NET-000022-IDPS-00024 | SV-45307r1_rule | Medium |
| Description |
|---|
| The IDPS must be configured to restrict management access according to the privilege level the user has been granted. Authorization to configure security policies must require the highest privilege level which can be implemented by simply assigning privilege levels may be performed using the account functions on the IDPS or through configuration of an authentication server (i.e., AAA server). The access control configuration must provide the capability to assign IDPS administrators to tiered groups containing required privilege levels. If system administrators cannot be configured with different security policy filters, then need-to-know cannot be enforced. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42656r2_chk ) |
|---|
| Verify the IDPS management console provides the system administrators the ability to configure security policy filters (e.g., creating groups with different authorizations and privileges). Verify the system has the capability to assign security levels to groups and individual users as needed. If the IDPS does not provide the capability to configure security policy filters, this is a finding. |
| Fix Text (F-38704r1_fix) |
|---|
| Create security policy filters by creating security groups or use pre-existing groups. Assign privileges to each group based on varying need-for-access. Assign system administrators as group members to each group based on level of access required. |