The IDPS must be configured to detect the presence of unauthorized software on organizational information systems.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34698 | SRG-NET-000181-IDPS-00133 | SV-45583r1_rule | Medium |
| Description |
|---|
| The IDPS monitors the network for known vulnerabilities and malicious software, such as Trojan horses, hacker tools, DDoS agents, and spyware. Many of these vulnerabilities may not be detected by anti-virus software or host-based intrusion detection systems. Unauthorized software may contain malware or malicious code which may be exploited by an attacker to gain access. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42937r1_chk ) |
|---|
| Verify the use of sensor rules that monitor for unauthorized software. If IDPS sensor rules are not used to monitor for unauthorized software use on organizational information systems, this is a finding. |
| Fix Text (F-38980r1_fix) |
|---|
| Configure the IDPS sensors to detect unauthorized software. |