Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34668 | SRG-NET-000274-IDPS-00199 | SV-45543r1_rule | | Low |
Description |
---|
Predictable failure prevention requires organizational planning to address system failure issues. If components key to maintaining the system's security fail to function, the system could continue operating in an insecure state. If appropriate actions are not taken when an IDPS component failure occurs, a DoS condition may occur, which could result in mission failure, since the network would be operating without a critical security monitoring and prevention function. Upon detecting a failure of IDPS security components, the IDPS must either activate a system alert message, send an alarm, or shut down. |
STIG | Date |
---|---|
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Check Text (C-42892r1_chk) |
---|
Verify the system is configured to automatically send an administrator an alert when sensors are unexpectedly taken offline or fail. A keep-alive signal or monitoring functionality should be used to detect sensor failure from a central management tool. Verify the IDPS components are configured to either shut down or send a notification if sensor monitoring functions fail. If the sensors and other components deemed critical to monitoring network segments are not monitored for failure and unexpected off-line events, this is a finding. |
Fix Text (F-38940r1_fix) |
---|
Configure each sensor to automatically send an alert upon failure of any sensor or other critical component (e.g., log aggregation data management console server). |
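
The keep-alive monitoring described in the check text can be sketched as follows. This is an added example, not part of the SRG or any vendor's product; the component names, the 90-second timeout, the planned-outage flag, and the choice to fall back to shutdown when the alert cannot be delivered are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional

TIMEOUT_S = 90.0  # assumed: three missed 30-second keep-alives

@dataclass
class Component:
    name: str
    last_keepalive: Optional[float]  # epoch seconds; None = never reported
    critical: bool = True
    planned_outage: bool = False     # maintenance window, so not "unexpected"

def failed_components(inventory, now, timeout=TIMEOUT_S):
    """Critical components that are stale or were never monitored at all."""
    failed = []
    for c in inventory:
        if not c.critical or c.planned_outage:
            continue
        if c.last_keepalive is None:
            failed.append((c.name, "no keep-alive ever received"))
        elif now - c.last_keepalive > timeout:
            failed.append((c.name, f"silent for {now - c.last_keepalive:.0f}s"))
    return failed

def respond(inventory, now, send_alert: Callable[[str], None], timeout=TIMEOUT_S):
    """Alert on each failure; if alert delivery fails, recommend shutdown."""
    actions = []
    for name, reason in failed_components(inventory, now, timeout):
        try:
            send_alert(f"IDPS component {name} failed: {reason}")
            actions.append((name, "ALERT"))
        except Exception:
            # Assumed policy: never keep running silently unmonitored.
            actions.append((name, "SHUTDOWN"))
    return actions

# Constructed sample inventory (names and timestamps are made up).
NOW = 1_000_000.0
INVENTORY = [
    Component("sensor-dmz", NOW - 20),                       # healthy
    Component("sensor-core", NOW - 400),                     # unexpected silence
    Component("sensor-lab", NOW - 900, planned_outage=True), # planned, no alert
    Component("log-aggregator", None),                       # never monitored
    Component("test-tap", NOW - 5000, critical=False),       # not critical
]

if __name__ == "__main__":
    for name, action in respond(INVENTORY, NOW, print):
        print(name, action)
```

A critical component that has never sent a keep-alive is reported alongside stale ones, since the check treats unmonitored components as a finding.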