
The IDPS must update malicious code protection mechanisms and rules definitions whenever new releases are available in accordance with organizational configuration management policy and procedures.


Overview

Finding ID: V-34759
Version: SRG-NET-000246-IDPS-00175
Rule ID: SV-45683r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Malicious code includes viruses, worms, Trojan horses, and spyware. Such code gives an attacker the ability to read from and write to files and folders on a computer's hard drive and to run or attach programs, which creates a high risk of malicious mobile code being distributed further. Malicious code can be transported by electronic mail, mail attachments, web accesses, and removable media. While the IDPS cannot replace anti-virus or HIDS protection installed on the network's endpoints, sensor rules can be implemented that provide preemptive defense against exploitation of known vulnerabilities and, to the extent the rules target generic attack behaviour rather than specific samples, against zero-day attacks. However, if sensor rules are not kept up to date, new defenses and protection against emerging threats will not be available.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text ( C-43049r1_chk )
Review the configuration or system maintenance logs to verify that the malicious code protection mechanisms and rules definitions are updated when new releases are available, within the interval required by the organization's configuration management policy.

If malicious code protection mechanisms and rules definitions are not kept updated, this is a finding.
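One way to carry out this review from maintenance logs rather than by eye, as an added example that is not part of the SRG and not the output of any particular IDPS product: the log line format ("<UTC timestamp> <event> <key=value ...>"), the event names, the sample log lines and the 14-day policy interval are all assumptions constructed for the example, so parse_log() and MECHANISMS would have to be adapted to the real sensor. The check treats three conditions as a finding: no successful update has ever been recorded, the last successful update is older than the policy interval, or update attempts have failed since the last success (meaning a newer release exists that has not been applied).

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of an IDPS maintenance log (not from any real product).
# The line format "<UTC timestamp> <event> <key=value ...>" is assumed here;
# note the lines are deliberately not in chronological order.
SAMPLE_LOG = """\
2012-11-01T02:00:05Z rules-update-ok ruleset=sensor-rules version=20121101
2012-11-08T02:00:04Z rules-update-ok ruleset=sensor-rules version=20121108
2012-11-15T02:00:07Z rules-update-failed ruleset=sensor-rules error=http-503
2012-11-10T03:00:00Z av-signature-update-ok engine=sensor-av version=6.2.1
"""

# The two mechanisms the requirement covers, with their assumed success and
# failure event names.
MECHANISMS = {
    "sensor rules": ("rules-update-ok", "rules-update-failed"),
    "malicious code signatures": ("av-signature-update-ok", "av-signature-update-failed"),
}


def _parse_ts(text):
    """Parse an ISO-8601 UTC timestamp such as 2012-11-19T00:00:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_log(text):
    """Parse log lines into (timestamp, event, detail) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(" ", 2)
        if len(parts) < 2:
            raise ValueError(f"malformed log line: {line!r}")
        events.append((_parse_ts(parts[0]), parts[1], parts[2] if len(parts) == 3 else ""))
    # Logs are not guaranteed to be ordered; sort so "most recent" is meaningful.
    events.sort(key=lambda e: e[0])
    return events


def last_successful_update(events, ok_event):
    """Timestamp of the most recent successful update, or None if there is none."""
    ok = [ts for ts, ev, _ in events if ev == ok_event]
    return max(ok) if ok else None


def failures_since_last_success(events, ok_event, failed_event):
    """Failed update attempts after the last success (or all of them, if no success)."""
    last_ok = last_successful_update(events, ok_event)
    return [ts for ts, ev, _ in events
            if ev == failed_event and (last_ok is None or ts > last_ok)]


def evaluate(events, now, max_age, ok_event, failed_event):
    """Return (compliant, reason) for one protection mechanism."""
    last_ok = last_successful_update(events, ok_event)
    if last_ok is None:
        return False, f"no successful '{ok_event}' event in the log"
    age = now - last_ok
    if age > max_age:
        return False, (f"last successful update {age.days} days ago exceeds the "
                       f"policy maximum of {max_age.days} days")
    failed = failures_since_last_success(events, ok_event, failed_event)
    if failed:
        # Attempts are failing after the last success: a newer release exists
        # but is not being applied, so the rule set is not "kept updated".
        return False, (f"{len(failed)} failed update attempt(s) since the last "
                       f"success at {last_ok.isoformat()}")
    return True, f"last successful update {age.days} days ago, no failures since"


def audit(log_text, now_iso, max_age_days):
    """Evaluate every mechanism in MECHANISMS; returns {name: (compliant, reason)}."""
    now = _parse_ts(now_iso)
    max_age = timedelta(days=max_age_days)
    events = parse_log(log_text)
    return {name: evaluate(events, now, max_age, ok, failed)
            for name, (ok, failed) in MECHANISMS.items()}


if __name__ == "__main__":
    # Assumed policy for the example: updates applied at least every 14 days.
    for name, (ok, reason) in audit(SAMPLE_LOG, "2012-11-19T00:00:00Z", 14).items():
        print(f"{'PASS' if ok else 'FINDING'}: {name}: {reason}")
```

Run against the constructed log on the STIG's own date, the sensor rules are a finding (the 15 November attempt failed after the 8 November success) while the signature engine passes under a 14-day interval but fails under a 7-day one; the policy interval is the organization's to set, which is why it is a parameter rather than a constant.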
Fix Text (F-39081r1_fix)
Configure the IDPS to apply updates to sensor rules and malicious code protection mechanisms in accordance with organizational configuration management policy and procedures, and retain the update records so that the check above can be performed.