The IDPS must uniquely identify destination domains for information transfer.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34496 | SRG-NET-000026-IDPS-00027 | SV-45315r1_rule | Medium |
| Description |
|---|
| Identifying source and destination domain addresses for information flows within the network allows forensic reconstruction of events when required, and increases policy compliance by attributing policy violations to specific individuals. Means to enforce this enhancement include ensuring the IDPS distinguishes between information systems and organizations, and between specific system components or individuals involved in sending and receiving information. Examples of information transfer for the IDPS is the sensor log updating the base, sensor alerts, or commands to update the firewall or router ACLs. Without unique identifiers, the audit records of these information transfers would not be useful to tracking possible violations. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42663r1_chk ) |
|---|
| Verify the IDPS uses a unique identifier for the destination domain (e.g., IP address) of information transfer sessions. View log entries to verify the information tracked includes destination domain information for the base, sensors, or other network elements involved in information transfer. If the unique identifier for the destination domain is not logged for information transfer sessions, this is a finding. |
| Fix Text (F-38711r1_fix) |
|---|
| Configure the IDPS management console to log information transfer events. Configure the event entry to include destination domain unique identifier (e.g., IP address). |