The IDPS must isolate security functions from non-security functions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34701 | SRG-NET-000184-IDPS-00134 | SV-45587r1_rule | Medium |
| Description |
|---|
| The IDPS must be designed and configured to isolate security functions from non-security functions. An isolation boundary is implemented via partitions and domains. This boundary must provide separation between processes having different security levels. These processes are used by the hardware, software, and firmware of the IDPS components to perform various functions. The IDPS application must maintain a separate execution domain (e.g., address space) for each executing process to minimize the risk of leakage or corruption of privileged information. This control is normally a function of the IDPS application design and is usually not a configurable setting; however, there may be settings in some IDPS applications that must be configured to optimize function isolation. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42941r1_chk ) |
|---|
| Verify the application is designed to separate security functions from non-security functions (i.e., separate address space) for executing process. If the system is not designed to isolate security functions from non-security functions, this is a finding. |
| Fix Text (F-38984r1_fix) |
|---|
| Enable settings that isolate security functions from non-security functions. |