UCF STIG Viewer Logo

The IDPS must use automated mechanisms to restrict the use of maintenance tools to authorized personnel only.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34689 SRG-NET-000172-IDPS-00129 SV-45570r1_rule Medium
Description
This requirement addresses security-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems. Maintenance tools include hardware/software diagnostic test equipment and hardware/software packet sniffers. Maintenance tools connecting to an IDPS may contain malware or insert unauthorized capabilities; therefore, their use must be restricted to authorized personnel.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2012-11-19

Details

Check Text ( C-42921r1_chk )
Verify the IDPS restricts the use of maintenance tools to authorized system administrators.

If the use of maintenance tools is not restricted, this is a finding.
Fix Text (F-38967r1_fix)
Configure the IDPS to restrict access to maintenance tools for the IDPS to authorized system administrators.