
The IDPS must protect non-local maintenance sessions through the use of multifactor authentication which is tightly bound to the user.


Overview

Finding ID: V-34691
Version: SRG-NET-000174-IDPS-00131
Rule ID: SV-45572r1_rule
IA Controls: (none listed)
Severity: Medium
Description
The IDPS must protect non-local maintenance sessions through the use of a strong authenticator which is tightly bound to the user.

Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection. Authentication techniques used in the establishment of non-local maintenance and diagnostic sessions reflect the network access requirements. Without authentication, anyone with logical access can reach IDPS components, allowing intruders to compromise resources within the network infrastructure.

Typically, strong authentication requires authenticators that are resistant to replay attacks and employ multifactor authentication. An example of a strong authenticator is PKI, where certificates are stored on a token which is protected by a password, passphrase, or biometric. Authentication of all administrator accounts for all privilege levels must be accomplished using two or more factors that include the following: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric).
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42924r1_chk)
If authentication functionality is provided by the underlying platform's account management system or by a network authentication server rather than the IDPS application itself, this is not a finding.

Verify that non-local access to accounts authorized to perform maintenance and diagnostic activities on the IDPS components requires authenticated access.
Verify that the authentication used is a DoD-approved multifactor authentication method (e.g., PKI, SecurID, or DoD Alternate Token).

If multifactor authentication is not used for non-local maintenance sessions, this is a finding.
Fix Text (F-38970r1_fix)
Configure the IDPS components to require login to an authentication server which uses multifactor authentication for non-local maintenance sessions.