The IDPS must support and maintain the binding of organizationally defined security attributes to information in process.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34522	SRG-NET-000055-IDPS-00049	SV-45364r1_rule		Medium

Description
Security attribute assignments (e.g., metadata, classification, user access privileges, or affiliation) are abstractions representing the basic properties or characteristics of an entity. Attributes may be bound to data and then used in various applications within the IDPS to enable access control, flow control, information handling, and other information security policy processes. Security attributes and labels must be leveraged to protect stored information, as well as information flowing to external devices. Information stored, processed, and transmitted by the IDPS include sensors event logs, local audit logs, and application files. Security attributes and labels must also be leveraged to protect communications between sensors, the management console, non-local management computers, firewalls, routers, and other network elements. If the security attributes are disassociated from the information being transmitted, stored, or processed, then access control policies and information flows which depend on these security attributes will not function and unauthorized subjects or entities may gain access to the information. Examples of possible IDPS security attributes that may be used by the organization to implement security policy include: session of packet identifiers; source and destination IP addresses; protocol identifiers; traffic classification; subnet or Virtual Local Area Network (VLAN) identification.

Description

Security attribute assignments (e.g., metadata, classification, user access privileges, or affiliation) are abstractions representing the basic properties or characteristics of an entity. Attributes may be bound to data and then used in various applications within the IDPS to enable access control, flow control, information handling, and other information security policy processes. Security attributes and labels must be leveraged to protect stored information, as well as information flowing to external devices. Information stored, processed, and transmitted by the IDPS include sensors event logs, local audit logs, and application files. Security attributes and labels must also be leveraged to protect communications between sensors, the management console, non-local management computers, firewalls, routers, and other network elements. If the security attributes are disassociated from the information being transmitted, stored, or processed, then access control policies and information flows which depend on these security attributes will not function and unauthorized subjects or entities may gain access to the information. Examples of possible IDPS security attributes that may be used by the organization to implement security policy include: session of packet identifiers; source and destination IP addresses; protocol identifiers; traffic classification; subnet or Virtual Local Area Network (VLAN) identification.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-42712r1_chk )
Verify the IDPS is capable of setting security attributes to configure security policies and access control privileges on the system. If the IDPS does not support and maintain the binding of organizationally defined security attributes to information in process, this is a finding.

Fix Text (F-38760r1_fix)
Configure the IDPS management console to support and maintain the binding of organizationally defined security attributes to information while it is being processed by the sensors and management console.