The IDPS must implement security policies for all traffic flows by using security zones at various protection levels as a basis for flow control decisions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34498 | SRG-NET-000028-IDPS-00028 | SV-45317r1_rule | Medium |
| Description |
|---|
| Information flow control regulates where information is allowed to travel within a network and between interconnected networks. The flow of all network traffic must be monitored and controlled so it does not introduce unacceptable risks to the network infrastructure or data. Restrictions can be enforced using security zones at various protection levels as a basis for flow control decisions. Usually flow control is not a primary function of the IDPS implementation. However, many products are able to support flow control decisions or affect the flow more directly. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42665r1_chk ) |
|---|
| If this functionality if provided by another network element, this is not a finding. Verify security zones are being used. Verify zones are created to reflect the various protection levels as needed by the organization to monitor traffic flow and respond to anomalies. If the IDPS does not implement security policies for all traffic flows by using security zones at various protection levels as a basis for flow control decisions, this is a finding. |
| Fix Text (F-38713r1_fix) |
|---|
| Configure the management console to implement security policies for all traffic flows being monitored by the sensors. Create security zones as needed to reflect various protection levels as a basis for flow control decisions. |