The IDPS must address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34763 | SRG-NET-000250-IDPS-00177 | SV-45687r1_rule | Medium |
| Description |
|---|
| One of the top concerns of any IDPS solution is false positives. Incorrectly identifying valid access and traffic as an attack can result in constant network traffic disruptions, inappropriately dropped packets, or unnecessary administrator alerts. Critical business activities can be delayed and additional IT resources needed to investigate and determine the nature of the false positives. Mechanisms which examine the traffic in context (stateful) or look for application and usage patterns are used by IDPS solutions to minimize false positives. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-43053r1_chk ) |
|---|
| Review the rules implemented on the IDPS to verify the system is configured to address the false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system. If the IDPS is not configured to address false positives during malicious code detection and eradication and the resulting impact on the availability of the system, this is a finding. |
| Fix Text (F-39085r1_fix) |
|---|
| Configure the IDPS to address the receipt of false positives during malicious code detection and eradication processes. |