The network device must address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000250-NDM-NA	SRG-NET-000250-NDM-NA	SRG-NET-000250-NDM-NA_rule		Medium

Description
One of the top concerns of any network device solution is false positives. Incorrectly identifying valid access and traffic as an attack can result in constant network traffic disruptions, inappropriately dropped packets, or unnecessary administrator alerts. Critical business activities can be delayed and additional IT resources needed to investigate and determine the nature of the false positives. Mechanisms which examine the traffic in context (stateful) or look for application and usage patterns are used by network device solutions to minimize false positives. Addressing false positives for malicious code detection is beyond the scope of network device management.

Description

One of the top concerns of any network device solution is false positives. Incorrectly identifying valid access and traffic as an attack can result in constant network traffic disruptions, inappropriately dropped packets, or unnecessary administrator alerts. Critical business activities can be delayed and additional IT resources needed to investigate and determine the nature of the false positives. Mechanisms which examine the traffic in context (stateful) or look for application and usage patterns are used by network device solutions to minimize false positives. Addressing false positives for malicious code detection is beyond the scope of network device management.

STIG	Date
Network Device Management Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000250-NDM-NA_chk )
This requirement is NA for network device management.

Fix Text (F-SRG-NET-000250-NDM-NA_fix)
This requirement is NA for network device management.