UCF STIG Viewer Logo

IDPS components, including sensors, event databases, and management consoles must integrate with a network-wide monitoring capability.


Overview

Finding ID Version Rule ID IA Controls Severity
V-55365 SRG-NET-000383-IDPS-00208 SV-69611r1_rule Medium
Description
An integrated, network-wide intrusion detection capability increases the ability to detect and prevent sophisticated distributed attacks based on access patterns and characteristics of access. Integration is more than centralized logging and a centralized management console. The enclave's monitoring capability may include multiple sensors, IPS, sensor event databases, behavior-based monitoring devices, application-level content inspection systems, malicious code protection software, scanning tools, audit record monitoring software, and network monitoring software. Some tools may monitor external traffic while others monitor internal traffic at key boundaries. These capabilities may be implemented using different devices and therefore can have different security policies and severity-level schema. This is valuable because content filtering, monitoring, and prevention can become a bottleneck on the network if not carefully configured.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2020-06-12

Details

Check Text ( C-55989r1_chk )
Verify the IDPS integrates with a network-wide monitoring capability which includes sensors, event databases, and management consoles.

If the IDPS does not integrate with a network-wide monitoring capability which includes sensors, event databases, and management consoles, this is a finding.
Fix Text (F-60231r1_fix)
Configure the IDPS components, including sensors, event databases, and management consoles to integrate with a network-wide monitoring capability.