The IDPS must support and maintain the binding of organizationally defined security attributes to information in transmission.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34792	SRG-NET-000056-IDPS-00050	SV-45732r1_rule		Medium

Description
Security attribute assignments are representations of the properties or characteristics of an entity. For the IDPS this most likely will apply to user access privileges and classification metadata associated with reports, logs, or other information stored on the components. Security attributes and labels should be leveraged to protect stored information, as well as information flowing to external devices. Information stored, processed, and transmitted by the IDPS include sensors event logs, local audit logs, and application files. Security attributes and labels must also be leveraged to protect communications between the IDPS components and other devices, such as sensors, the management console, non-local management computers, firewalls, routers, and other network elements. Examples of possible IDPS security attributes that may be used by the organization to implement security policy include: session of packet identifiers; source and destination IP addresses; protocol identifiers; traffic classification; or VLAN identification. If the security attributes are disassociated from the information being transmitted, stored, or processed, then access control policies and information flows which depend on these security attributes will not function and unauthorized subjects or entities may gain access to the information.

Description

Security attribute assignments are representations of the properties or characteristics of an entity. For the IDPS this most likely will apply to user access privileges and classification metadata associated with reports, logs, or other information stored on the components. Security attributes and labels should be leveraged to protect stored information, as well as information flowing to external devices. Information stored, processed, and transmitted by the IDPS include sensors event logs, local audit logs, and application files. Security attributes and labels must also be leveraged to protect communications between the IDPS components and other devices, such as sensors, the management console, non-local management computers, firewalls, routers, and other network elements. Examples of possible IDPS security attributes that may be used by the organization to implement security policy include: session of packet identifiers; source and destination IP addresses; protocol identifiers; traffic classification; or VLAN identification. If the security attributes are disassociated from the information being transmitted, stored, or processed, then access control policies and information flows which depend on these security attributes will not function and unauthorized subjects or entities may gain access to the information.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-43099r1_chk )
Verify security attributes are not removed during transmission for information to system components and other systems (sensors, the management console, non-local management computers, firewalls, routers, and other network elements.) If the IDPS does not support and maintain the binding of organizationally defined security attributes to information in transmission, this is a finding.

Fix Text (F-39131r1_fix)
Configure the IDPS management console to support and maintain the binding of organizationally defined security attributes for information being transmitted between system components and external systems.