
The IDPS must be configured to perform organizationally defined actions in response to malicious code detection.


Overview

Finding ID: V-34762
Version: SRG-NET-000249-IDPS-00176
Rule ID: SV-45686r1_rule
IA Controls: none listed
Severity: Medium
Description
Organizations may determine that different actions are warranted in different situations when malicious code is detected. For example, depending on the capabilities of the implementation, the IDPS may raise different alerts, block the malicious packets, block the source IP address, or push a rule to the firewall. Upon detection of traffic transporting malicious code, the IDPS must perform the organizationally defined actions, either to notify the responsible personnel or to prevent the malicious code from further affecting the network.

STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-43052r1_chk)
Review the rules implemented on the IDPS to verify organizationally defined actions are performed upon the detection of malicious code.

If the IDPS is not configured to perform organizationally defined actions when malicious code is detected, this is a finding.
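The check above is a manual review of the IDPS rule set. As an added example (not part of the SRG, and not tied to any specific product), the following script shows how that review can be automated for an IDPS that uses Snort/Suricata-style rules: it parses the active rules, reads each rule's classtype, and reports any malicious-code rule whose action differs from the one the organization has defined. The policy mapping (REQUIRED_ACTION), the classtype names and the sample rule file are all constructed assumptions for illustration and must be replaced with the organization's own policy and rule set.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed organization-defined policy for this example: traffic matching these
# malicious-code classtypes must be dropped, not merely alerted on. This mapping
# is hypothetical; substitute the organization's actual policy.
REQUIRED_ACTION: Dict[str, str] = {
    "trojan-activity": "drop",
    "malware-cnc": "drop",
    "exploit-kit": "drop",
}

# Snort/Suricata-style rule shape: <action> <header> (<options>)
RULE_RE = re.compile(
    r"^(?P<action>alert|drop|reject|pass|log)\s+(?P<header>[^(]+?)\s*\((?P<options>.*)\)$"
)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
CLASSTYPE_RE = re.compile(r"\bclasstype\s*:\s*([\w-]+)\s*;")


@dataclass
class Rule:
    action: str
    sid: Optional[int]
    classtype: Optional[str]
    raw: str


@dataclass
class Finding:
    sid: Optional[int]
    classtype: str
    action: str
    required: str


def parse_rules(text: str) -> List[Rule]:
    """Parse active rules only. Commented-out (disabled) rules are skipped,
    because a disabled rule performs no action at all."""
    rules: List[Rule] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        opts = m.group("options")
        sid = SID_RE.search(opts)
        ct = CLASSTYPE_RE.search(opts)
        rules.append(Rule(
            action=m.group("action"),
            sid=int(sid.group(1)) if sid else None,
            classtype=ct.group(1) if ct else None,
            raw=line,
        ))
    return rules


def audit(rules: List[Rule], policy: Dict[str, str] = REQUIRED_ACTION) -> List[Finding]:
    """Return one Finding per rule whose classtype is covered by the policy but
    whose configured action is not the organization-defined one."""
    findings: List[Finding] = []
    for r in rules:
        if r.classtype is None:
            continue  # rule is not categorized; outside this policy's scope
        required = policy.get(r.classtype)
        if required is not None and r.action != required:
            findings.append(Finding(r.sid, r.classtype, r.action, required))
    return findings


# Constructed sample rule file (not from any real rule set).
SAMPLE_RULES = """
# constructed sample: one non-compliant malware rule, one compliant, one out of scope
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE trojan beacon"; flow:to_server; content:"/beacon"; classtype:trojan-activity; sid:9000001; rev:1;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE malware C2"; content:"cmd="; classtype:malware-cnc; sid:9000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE port scan"; flags:S; classtype:attempted-recon; sid:9000003; rev:1;)
# alert tcp any any -> any any (msg:"EXAMPLE disabled rule"; classtype:trojan-activity; sid:9000004; rev:1;)
"""


def is_compliant(text: str) -> bool:
    """True when every policy-covered rule carries the required action."""
    return not audit(parse_rules(text))


if __name__ == "__main__":
    for f in audit(parse_rules(SAMPLE_RULES)):
        print(f"sid {f.sid}: classtype {f.classtype} uses '{f.action}', policy requires '{f.required}'")
    print("compliant" if is_compliant(SAMPLE_RULES) else "FINDING")
```

Two caveats a reviewer should keep in mind when using a check like this. First, the rule action only has effect if the sensor can act on it: a "drop" rule on a sensor deployed passively (SPAN/TAP, IDS mode) is logged as an alert and blocks nothing, so the review must also confirm the deployment mode. Second, matching on classtype is only as good as the rule set's categorization; rules without a classtype fall outside this script's scope and need to be reviewed by hand.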
Fix Text (F-39084r1_fix)
Configure the IDPS to perform organizationally defined actions when malicious code is detected.