UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must provide a warning when the sensor event logging storage capacity reaches an organizationally defined maximum capacity.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34589 SRG-NET-999999-IDPS-00223 SV-45453r1_rule Low
Description
It is imperative the IDPS be configured to allocate storage capacity to contain sensor event log records and an alert be generated when the capacity reaches an organizationally defined threshold. Without this capability, the site could lose valuable data needed for investigating security incidents.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2012-11-19

Details

Check Text ( C-42802r1_chk )
Identify how the IDPS is configured for this notification. Verify the message is displayed at the remote console if an administrator is already logged in, or when an administrator logs in. Verify the device is capable of generating the alarm or alert and notification as described.

If the system does not provide a warning when the logging storage capacity reaches an organizationally defined percentage of maximum capacity, this is a finding.
Fix Text (F-38850r1_fix)
Configure the IDPS to alert when the sensor event log reaches an organizationally defined capacity.