UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must activate an organizationally defined alarm when a system component failure is detected.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34668 SRG-NET-000274-IDPS-00199 SV-45543r1_rule Low
Description
Predictable failure prevention requires organizational planning to address system failure issues. If components key to maintaining the system's security fail to function, the system could continue operating in an insecure state. If appropriate actions are not taken when an IDPS component failure occurs, a DoS condition may occur which could result in mission failure since the network would be operating without a critical security monitoring and prevention function. Upon detecting a failure of IDPS security components, the IDPS must either activate a system alert message, send an alarm, or shut down.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2012-11-19

Details

Check Text ( C-42892r1_chk )
Verify the system is configured to automatically send an administrator an alert when sensors are unexpectedly taken offline or fail. A keep-alive signal or monitoring functionality should be used to detect sensor failure from a central management tool.
Verify the IDPS components are configured to either shut down or send a notification if sensor monitoring functions fail.

If the sensors and other components deemed critical to monitoring network segments are not monitored for failure and unexpected off-line events, this is a finding.
Fix Text (F-38940r1_fix)
Configure each sensor to automatically send an alert upon failure of any sensor or other critical component (e.g., log aggregation data management console server).