
The IDPS must allow administrators to select which rule sets are to be applied at the sensor level.


Overview

Finding ID: V-34573
Version: SRG-NET-999999-IDPS-00229
Rule ID: SV-45428r1_rule
IA Controls: (none listed)
Severity: Medium
Description
All sensors of the IDPS must be configurable with the organizationally defined rules. This requirement does not require that each sensor be configured with separate rule sets; however, this capability must be available to meet the need to respond to future attack vectors. If administrators do not have granular control over the rules to be applied and logged for later analysis, then malicious attacks may be missed.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42777r2_chk)
Verify sensor rules (local and vendor-provided) can be configured and/or selected at the sensor level.
Verify the IDPS sensors have the capability to be configured with separate rule sets.

If the IDPS does not allow administrators to select which rule sets are to be applied at the sensor level, this is a finding.
Fix Text (F-38825r1_fix)
Configure the sensors with rule sets according to the security policy of the network segment or VLAN.