
The IDPS must detect unauthorized changes to software and information.


Overview

Finding ID: V-34786
Version: SRG-NET-000271-IDPS-00196
Rule ID: SV-45713r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Anomalous behavior and unauthorized changes must be detected before the IDPS is breached or no longer in service. Identifying the source and method used to make the unauthorized change will help to determine what data is at risk and whether other systems may be affected. HIDS software must be installed on the IDPS devices and sensors to protect the device itself from being breached and to monitor for unauthorized application file changes. This requirement is applicable to network appliances. For sensors with an underlying operating system, a compliance review of the operating system is required, which will include this HIDS requirement.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-43079r1_chk)
Verify file integrity software (i.e., HIDS) has been installed on each sensor and management console.
Verify file integrity software is configured to monitor and alert if IDPS software is changed.

If the system is not configured to detect unauthorized changes to software and information, this is a finding.
Fix Text (F-39111r1_fix)
Install file integrity software on each sensor and management console.
Configure integrity software to monitor and alert when software is changed.