
The IDPS must employ automated mechanisms to respond to unauthorized changes to organizationally defined configuration settings.


Overview

Finding ID: V-34623
Version: SRG-NET-000128-IDPS-00095
Rule ID: SV-45498r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Uncoordinated or incorrect configuration changes to network components can lead to network outages and compromises. Centrally managing configuration changes for the IDPS can ensure they are made at the correct time and, if necessary, in synchronization with each other, which can be vital for nodes that peer and require compatible configurations. Centralized configuration management also provides visibility into and tracking of enterprise-level activity, promoting a sound configuration management procedure, and provides an automatic mechanism to initiate an alert when an unauthorized change has been detected.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42847r3_chk)
Verify the IDPS is configured to alarm or send an alert when unauthorized changes (modifications, updates, or deletions) are made to organizationally defined configuration settings.

If automated mechanisms are not configured to respond to unauthorized changes to organizationally defined configuration settings, this is a finding.
Fix Text (F-38895r3_fix)
Configure the IDPS to alert when unauthorized changes are made to organizationally defined configuration settings.
This may be done by alerting on all changes or by setting a list of organizationally defined alerts.