The IDPS must preserve organizationally defined system state information in the event of a system failure.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34750 | SRG-NET-000236-IDPS-00170 | SV-45660r1_rule | Low |
| Description |
|---|
| Failure in a known state can address safety or security in accordance with the mission needs of the organization. Failure in a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving system state information facilitates system restart and return to the operational mode of the organization with less disruption of the network. Each site should have a failover solution in place in case of system fault. IDPS components may include failover configuration using multiple management servers, logging databases, and sensor load balancers. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-43026r1_chk ) |
|---|
| Examine the configuration settings for hardware and/or application failover of the sensors. Verify the IDPS sensors are configured to preserve system state information upon failure. Verify the management console is configured to preserve organizationally defined system state information upon failure. If a failover method is not in use, this is a finding. |
| Fix Text (F-39058r1_fix) |
|---|
| Configure the system failover or hardware/software failure settings to preserve organizationally defined system state information in the event of a system failure. |