
The IDPS must enforce dynamic traffic flow control based on policy that allows/disallows information flows based on changing threat conditions or operational environment.


Overview

Finding ID: V-34499
Version: SRG-NET-000029-IDPS-00029
Rule ID: SV-45320r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Information flow control regulates where information is allowed to travel within a network and between interconnected networks. The flow of all network traffic must be monitored and controlled so that it does not introduce any unacceptable risk to the network infrastructure or data. IDPS rules that allow or disallow traffic based on traffic type or rate are an example of enforcing this requirement. Rules may be triggered by changes in organizational risk tolerance driven by the operational environment, mission needs, threat conditions, or detection of potentially harmful events.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42668r1_chk)
Verify changes in traffic flow controls are added/updated to the IDPS rules.
When changes are made, these changes must take effect immediately and the sensors should begin monitoring using the updated rule set.

If the IDPS is not configured to enforce restrictions for traffic flow based on types and level of traffic, this is a finding. If the policy is not based on changing threat conditions or operational environment, this is a finding.
Fix Text (F-38716r1_fix)
Create and implement IDPS rules to dynamically enforce information flow control policy. Rules must dynamically adjust flow based on changes to the operational environment or threat conditions.
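The following is an added illustration of the mechanism the Description, Check Text and Fix Text describe: per-source rate limits that tighten or switch to outright blocking as the threat condition changes, with the change taking effect on the very next packet. It is not part of the SRG and does not model any specific IDPS product; the threat-condition scale, traffic types, rate limits and the 10.0.0.x sources are all constructed for the example.

```python
"""Toy dynamic flow-control engine (illustrative only, not a real IDPS)."""
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed threat-condition scale; higher condition -> tighter limits.
THREAT_CONDITIONS = ("normal", "elevated", "critical")

# Policy table: (traffic_type, threat_condition) -> max events per source
# per sliding window. None means the traffic type is blocked outright.
# All values are constructed for illustration.
POLICY = {
    ("dns", "normal"): 50,
    ("dns", "elevated"): 20,
    ("dns", "critical"): 5,
    ("ssh", "normal"): 10,
    ("ssh", "elevated"): 3,
    ("ssh", "critical"): None,   # block SSH entirely under 'critical'
    ("http", "normal"): 200,
    ("http", "elevated"): 100,
    ("http", "critical"): 25,
}
WINDOW_SECONDS = 10


@dataclass(frozen=True)
class Event:
    ts: float          # seconds
    src: str           # source address
    traffic_type: str  # e.g. "dns", "ssh", "http"


class FlowController:
    def __init__(self, policy=POLICY, window=WINDOW_SECONDS):
        self.policy = policy
        self.window = window
        self.condition = "normal"
        # sliding window of timestamps per (src, traffic_type)
        self._seen = defaultdict(deque)
        self.log = []

    def set_threat_condition(self, condition):
        """Policy change: applies to every event evaluated after this call."""
        if condition not in THREAT_CONDITIONS:
            raise ValueError(f"unknown threat condition: {condition}")
        self.condition = condition
        self.log.append(f"policy change: threat condition -> {condition}")

    def _limit(self, traffic_type):
        # Unknown traffic types fall through to deny, the safer default.
        return self.policy.get((traffic_type, self.condition))

    def evaluate(self, ev):
        """Return 'allow' or 'drop' for one event under the current condition."""
        limit = self._limit(ev.traffic_type)
        if limit is None:
            self.log.append(f"{ev.ts:.1f} drop {ev.src} {ev.traffic_type} "
                            f"(blocked under {self.condition})")
            return "drop"
        q = self._seen[(ev.src, ev.traffic_type)]
        # evict timestamps that have aged out of the sliding window
        while q and ev.ts - q[0] >= self.window:
            q.popleft()
        if len(q) >= limit:
            self.log.append(f"{ev.ts:.1f} drop {ev.src} {ev.traffic_type} "
                            f"(rate {len(q)}/{self.window}s >= {limit})")
            return "drop"
        q.append(ev.ts)
        return "allow"


def run_scenario():
    """Constructed scenario: one source at a steady rate, decisions change
    only because the threat condition changes."""
    fc = FlowController()
    results = {}
    # 8 SSH connections in 8 s under 'normal' (limit 10): all allowed
    results["normal_ssh"] = [fc.evaluate(Event(t, "10.0.0.5", "ssh")) for t in range(8)]
    # Condition raised; the limit drops to 3 and the source's recent
    # history already exceeds it, so the next events are dropped at once
    fc.set_threat_condition("elevated")
    results["elevated_ssh"] = [fc.evaluate(Event(8 + t, "10.0.0.5", "ssh")) for t in range(2)]
    # A fresh source still gets 3 connections before being rate-limited
    results["elevated_new_src"] = [fc.evaluate(Event(9, "10.0.0.9", "ssh")) for _ in range(4)]
    # Under 'critical' SSH is blocked outright; DNS is cut to 5 per window
    fc.set_threat_condition("critical")
    results["critical_ssh"] = fc.evaluate(Event(10, "10.0.0.9", "ssh"))
    results["critical_dns"] = [fc.evaluate(Event(10, "10.0.0.9", "dns")) for _ in range(6)]
    return results, fc.log


if __name__ == "__main__":
    decisions, log = run_scenario()
    for name, value in decisions.items():
        print(name, value)
    print("\n".join(log))
```

The point to verify against the Check Text is the transition: the same source sending at the same rate is allowed under "normal" and dropped immediately after the condition is raised, with no restart or rule reload between the two. The `log` list is what an auditor would want to see exported from a real sensor: each policy change and each drop with the condition and threshold that caused it.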