The IDPS must take an organizationally defined list of least-disruptive actions to terminate suspicious events.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34775 | SRG-NET-000260-IDPS-00186 | SV-45699r1_rule | Medium |
| Description |
|---|
| Monitoring outbound traffic enables the network operator to detect an attack towards another network with the local enclave as the base. When a compromise, potential compromise, or breach has been discovered by the intrusion detection system, the IDPS must take action to thwart the attack using methods creating the least disruption to network availability. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-43065r1_chk ) |
|---|
| Verify the IDPS is configured to take an organizationally defined list of least-disruptive actions to terminate suspicious events. If the IDPS is not configured to take an organizationally defined list of least-disruptive actions to terminate suspicious events, this is a finding. |
| Fix Text (F-39097r1_fix) |
|---|
| Configure the IDPS to take an organizationally defined list of least-disruptive actions to terminate suspicious events |