UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must fail securely in the event of an operational failure.


Overview

Finding ID Version Rule ID IA Controls Severity
V-55595 SRG-NET-000365-IDPS-00199 SV-69841r1_rule Medium
Description
Since the IDPS is a boundary protection device, if the IDPS fails in an unsecure manner (open), unauthorized traffic originating externally to the enclave may enter, or the device may permit unauthorized information release. Fail secure is a condition achieved by employing information system mechanisms to ensure that if the IDPS traffic monitoring and detection functions fail, it does not enter into a non-secure state where configured security properties no longer hold. If the device fails, it must not fail in a manner that will allow unauthorized access. If the IDPS traffic monitoring and detection functions fail for any reason, the IDPS must stop forwarding traffic altogether or maintain the configured security policies. If the device stops forwarding traffic, maintaining network availability can be achieved through device redundancy. Since it is usually not possible to test this capability in a production environment, systems should either be validated in a testing environment or prior to installation. This requirement is usually a function of the design of the IDPS component. Compliance can be verified by acceptance/validation processes or vendor attestation.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2015-07-28

Details

Check Text ( C-56175r1_chk )
Verify the IDPS fails securely in the event of an operational failure.

If the IDPS does not fail securely in the event of an operational failure, this is a finding.
Fix Text (F-60467r1_fix)
Configure the IDPS to fail securely in the event of an operational failure.