The IDPS must maintain the binding of security attributes to information with sufficient assurance that the information to attribute association can be used as the basis for automated policy actions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34525	SRG-NET-000059-IDPS-00053	SV-45367r1_rule		Medium

Description
Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects and objects) with respect to safeguarding information. These attributes are typically associated with internal data structures (e.g., records, buffers, files) within the IDPS and are used to enable the implementation of access control and flow control policies, reflect special dissemination, handling or distribution instructions, or support other aspects of the information security policy. Examples of automated policy actions include automated access control decisions (e.g., Mandatory Access Control decisions), or decisions to release (or not release) information (e.g., information flows via cross domain systems). If the attribute to information binding does have a high assurance, then information security policies based on these attributes may allow unauthorized subjects or entities to gain access to the information or network.

Description

Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects and objects) with respect to safeguarding information. These attributes are typically associated with internal data structures (e.g., records, buffers, files) within the IDPS and are used to enable the implementation of access control and flow control policies, reflect special dissemination, handling or distribution instructions, or support other aspects of the information security policy. Examples of automated policy actions include automated access control decisions (e.g., Mandatory Access Control decisions), or decisions to release (or not release) information (e.g., information flows via cross domain systems). If the attribute to information binding does have a high assurance, then information security policies based on these attributes may allow unauthorized subjects or entities to gain access to the information or network.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-42716r1_chk )
Verify the system allows security attributes to be used to implement user access control decisions to the IDPS, create IDPS sensor rules for network monitoring, and control information transmissions to external devices, such as event log updates and communications to other network elements. If security attributes cannot be used as part of the automated security policy for flow and access control, this is a finding.

Check Text ( C-42716r1_chk )

Verify the system allows security attributes to be used to implement user access control decisions to the IDPS, create IDPS sensor rules for network monitoring, and control information transmissions to external devices, such as event log updates and communications to other network elements.

If security attributes cannot be used as part of the automated security policy for flow and access control, this is a finding.

Fix Text (F-38764r1_fix)
Configure the IDPS to allow configuration of access control and information flow based on organizationally defined attributes. Configure security attributes to bind to the information using trusted processes.