
The IDPS must prevent access to organizationally defined security-relevant information except during secure, non-operable system states.


Overview

Finding ID: V-34665
Version: SRG-NET-000279-IDPS-00201
Rule ID: SV-45540r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Security-relevant information is any information within the information system that can potentially impact the operation of security functions in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data. Organizations may define specific security-relevant information that requires protection. Examples: IDPS sensor rules, cryptographic key management information, key configuration parameters for security services, and access control lists.

Secure, non-operable system states are states in which the IDPS is not performing mission or business-related processing (e.g., the system is off-line for maintenance, troubleshooting, boot-up, shutdown). Access to these types of data is to be prevented unless the system is in a maintenance mode or has otherwise been brought off-line.

The goal is to minimize the potential that a security configuration or data may be dynamically and perhaps maliciously overwritten or changed without going through a formal system change process that can document the changes.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42889r1_chk)
Verify that when the IDPS management console and sensors are off-line, the configuration files, log files, account information, and other security-relevant information are not accessible without proper authentication.

If the system does not prevent access when the system is in a state where the security policy and auditing cannot be enforced, this is a finding.
Fix Text (F-38937r1_fix)
Configure the management console to prevent administrator access when the audit and privilege policies cannot be enforced.