The IDPS must protect the integrity of transmitted information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34722	SRG-NET-000207-IDPS-00151	SV-45617r1_rule		Medium

Description
The IDPS must employ cryptographic mechanisms to recognize changes to information during transmission unless the transmission is otherwise protected by alternative physical measures. If connectivity is provided by a commercial service provider rather than a dedicated service, obtaining the necessary assurances regarding the implementation of needed security controls for transmission integrity may not be possible. Without cryptographic integrity controls, information traveling over commercial networks could be altered or compromised during transmission. Therefore, these controls must be obtained from the service provider using appropriate contracting vehicles. If this is not feasible, then the organization will implement physical or logical compensating security controls.

Description

The IDPS must employ cryptographic mechanisms to recognize changes to information during transmission unless the transmission is otherwise protected by alternative physical measures. If connectivity is provided by a commercial service provider rather than a dedicated service, obtaining the necessary assurances regarding the implementation of needed security controls for transmission integrity may not be possible. Without cryptographic integrity controls, information traveling over commercial networks could be altered or compromised during transmission. Therefore, these controls must be obtained from the service provider using appropriate contracting vehicles. If this is not feasible, then the organization will implement physical or logical compensating security controls.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-42983r1_chk )
This control does not apply if the information is protected by a physical security solution (e.g., Protective Distribution System [PDS] or physical access control) while in transit. Inspect the encryption configuration for each configured interface capable of communication with the network. Verify the encryption module is configured to use an approved hashing algorithm to protect information in transit through all interfaces capable of transmitting information. If the IDPS and sensors do not use cryptographic mechanisms to protect the integrity of information while in transit, this is a finding.

Check Text ( C-42983r1_chk )

This control does not apply if the information is protected by a physical security solution (e.g., Protective Distribution System [PDS] or physical access control) while in transit.

Inspect the encryption configuration for each configured interface capable of communication with the network.
Verify the encryption module is configured to use an approved hashing algorithm to protect information in transit through all interfaces capable of transmitting information.

If the IDPS and sensors do not use cryptographic mechanisms to protect the integrity of information while in transit, this is a finding.

Fix Text (F-39015r1_fix)
Configure the cryptographic module on all interfaces capable of communications to use cryptographic mechanisms configured with an approved hashing algorithm to protect the integrity of information while in transit.