Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34499 | SRG-NET-000029-IDPS-00029 | SV-45320r1_rule | | Medium |
Description |
---|
Information flow control regulates where information is allowed to travel within a network and between interconnected networks. The flow of all network traffic must be monitored and controlled so it does not introduce any unacceptable risk to the network infrastructure or data. IDPS rules allowing or disallowing traffic based upon traffic types or rates are an example of enforcing this requirement. Rules may be triggered by changes in organizational risk tolerance based on the operational environment, mission needs, threat conditions, or detection of potentially harmful events. |
STIG | Date |
---|---|
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Check Text (C-42668r1_chk) |
---|
Verify changes in traffic flow controls are added/updated to the IDPS rules. When changes are made, these changes must take effect immediately and the sensors should begin monitoring using the updated rule set. If the IDPS is not configured to enforce restrictions for traffic flow based on types and level of traffic, this is a finding. If the policy is not based on changing threat conditions or operational environment, this is a finding. |
Fix Text (F-38716r1_fix) |
---|
Create and implement IDPS rules to dynamically enforce information flow control policy. Rules must dynamically adjust flow based on changes to the operational environment or threat conditions. |