The IDPS must dynamically reconfigure security attributes in accordance with an identified security policy as information is created and combined.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34523	SRG-NET-000057-IDPS-00051	SV-45365r1_rule		Medium

Description
Security attribute assignments are representations of the properties or characteristics of an entity. Thus, if a security policy is changed or data is created or changed, the system will dynamically reconfigure and apply security attributes in accordance with the security policy. Security attributes and labels should be leveraged to protect stored information as well as information flowing to external devices. Information stored and processed by the IDPS includes sensors event logs, local audit logs, and application files. Security attributes and labels must also be leveraged to protect communications between sensors, the management console, non-local management computers, firewalls, routers, and other network elements. The IDPS must have the capability to dynamically reconfigure security attributes as information is created or combined, thus ensuring the correct attributes are assigned to the resulting data as part of this process. If changes to the security attributes are not reconfigured dynamically to meet security policies, then unauthorized entities may gain access to the information.

Description

Security attribute assignments are representations of the properties or characteristics of an entity. Thus, if a security policy is changed or data is created or changed, the system will dynamically reconfigure and apply security attributes in accordance with the security policy. Security attributes and labels should be leveraged to protect stored information as well as information flowing to external devices. Information stored and processed by the IDPS includes sensors event logs, local audit logs, and application files. Security attributes and labels must also be leveraged to protect communications between sensors, the management console, non-local management computers, firewalls, routers, and other network elements. The IDPS must have the capability to dynamically reconfigure security attributes as information is created or combined, thus ensuring the correct attributes are assigned to the resulting data as part of this process. If changes to the security attributes are not reconfigured dynamically to meet security policies, then unauthorized entities may gain access to the information.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-42714r1_chk )
Verify a reboot or reset is not needed when security attributes are changed (e.g., configuration changes that alter flow control information, user rights, or security labels). Verify changes to attributes immediately take effect by changing an attribute and testing to see if the change has taken effect. Verify that when information is created or combined, the security policy is applied to the new files or information (e.g., user restrictions apply). If configuration changes to security attributes are not dynamically updated, this is a finding.

Check Text ( C-42714r1_chk )

Verify a reboot or reset is not needed when security attributes are changed (e.g., configuration changes that alter flow control information, user rights, or security labels).
Verify changes to attributes immediately take effect by changing an attribute and testing to see if the change has taken effect.
Verify that when information is created or combined, the security policy is applied to the new files or information (e.g., user restrictions apply).

If configuration changes to security attributes are not dynamically updated, this is a finding.

Fix Text (F-38762r1_fix)
Configure the IDPS to dynamically reconfigure security attributes in accordance with the organizationally defined security policy.