In the event of a failure of the IDPS function, the IDPS must save diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34750	SRG-NET-000236-IDPS-00170	SV-45660r2_rule		Medium

Description
Failure in a secure state address safety or security in accordance with the mission needs of the organization. Failure to a secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving state information helps to facilitate the restart of the IDPS application and a return to operation with minimum disruption. This requirement applies to a failure of the IDPS function rather than the device or operating system as a whole which is addressed in the Network Device Management SRG. Since it is usually not possible to test this capability in a production environment, systems should either be validated in a testing environment or prior to installation. This requirement is usually a function of the design of the IDPS component. Compliance can be verified by acceptance/validation processes or vendor attestation.

Description

Failure in a secure state address safety or security in accordance with the mission needs of the organization. Failure to a secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving state information helps to facilitate the restart of the IDPS application and a return to operation with minimum disruption. This requirement applies to a failure of the IDPS function rather than the device or operating system as a whole which is addressed in the Network Device Management SRG. Since it is usually not possible to test this capability in a production environment, systems should either be validated in a testing environment or prior to installation. This requirement is usually a function of the design of the IDPS component. Compliance can be verified by acceptance/validation processes or vendor attestation.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2020-06-12

Details

Check Text ( C-43026r3_chk )
Verify the IDPS, upon failure of the IDPS function, saves diagnostic information, logs system messages, and loads the most current security policies, rules, and signatures when restarted. If IDPS function, upon system failure, does not save diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted, this is a finding.

Fix Text (F-39058r2_fix)
Configure the IDPS to, upon failure of the IDPS function, save diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted.