The IDPS must automatically implement organizationally defined safeguards and countermeasures if security functions or mechanisms are changed inappropriately.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34613 | SRG-NET-000124-IDPS-00091 | SV-45481r1_rule | Medium |
| Description |
|---|
| Changes to any software components of the IDPS can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals are allowed administrative access to the IDPS for implementing any changes or upgrades. In order to ensure a prompt response to unauthorized changes to IDPS security functions, the organizations will define the safeguards the device must undertake in the event these changes occur. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42832r1_chk ) |
|---|
| This requirement is not applicable if the underlying OS provides safeguards and countermeasures for the IDPS software components. Verify organizationally defined prevention measures (safeguards) actions (countermeasures) are configured to occur when unauthorized changes are made to the security functions and mechanisms. If organizationally defined safeguards and countermeasures are not configured, this is a finding. |
| Fix Text (F-38878r1_fix) |
|---|
| Configure organizationally defined safeguards and countermeasures (e.g., alerts) to occur when security functions or mechanisms are inappropriately changed. |