The IDPS must only update malicious code protection mechanisms when directed by a privileged user.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34766 | SRG-NET-000253-IDPS-00179 | SV-45690r1_rule | Medium |
| Description |
|---|
| Malicious code includes viruses, worms, Trojan horses, and spyware. It is critical the protection mechanisms used to detect and contain this code are not tampered with by unauthorized users and are only updated when directed by a privileged user. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-43056r1_chk ) |
|---|
| Verify only authenticated and authorized system administrators have access to the update functionality for malicious code protection mechanisms and signatures. If malicious code protection installed on the IDPS components is not configured to allow only authorized system administrators to update the software, this is a finding. |
| Fix Text (F-39088r1_fix) |
|---|
| Remove permissions from system administrators who are not authorized for access to malicious code protection mechanisms and signature file configuration functionality. |