Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34762 | SRG-NET-000249-IDPS-00176 | SV-45686r1_rule | | Medium |
Description |
---|
Organizations may determine that in response to malicious code detection, different actions may be warranted for different situations. For example, the IDPS may send different alerts, block malicious packets, block the IP address, or update the firewall depending on the capabilities of the implementation. Upon detection of traffic transporting malicious code, the IDPS must perform organizationally defined actions to notify or prevent malicious code from further impacting the network. |
STIG | Date |
---|---|
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Check Text ( C-43052r1_chk ) |
---|
Review the rules implemented on the IDPS to verify organizationally defined actions are performed upon the detection of malicious code. If the IDPS is not configured to perform organizationally defined actions when malicious code is detected, this is a finding. |
Fix Text (F-39084r1_fix) |
---|
Configure the IDPS to perform organizationally defined actions when malicious code is detected. |