Intrusion detection and prevention capabilities must be architected and implemented to prevent non-privileged users from circumventing such protections.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-47951 | SOL-11.1-090170 | SV-60823r1_rule | Low |
| Description |
|---|
| Non-privileged users must not be able to alter intrusion detection and prevention systems to ensure these systems work properly. This can be accomplished through the use of user roles, use of proper systems permissions, auditing, logging, etc. |
| STIG | Date |
|---|---|
| Solaris 11 SPARC Security Technical Implementation Guide | 2017-03-02 |
Details
| Check Text ( C-50387r1_chk ) |
|---|
| The operator will ensure that DoD approved intrusion detection software is installed, operating, and updated monthly. The configurations will be updated regularly. The software will be maintained per vendor documentation. If the operator is unable to provide a documented configuration for an installed intrusion detection system or if the intrusion detection system is not properly configured, maintained or used, this is a finding. |
| Fix Text (F-51563r1_fix) |
|---|
| The operator will ensure that DoD approved intrusion detection software is installed, operating, and updated monthly. The configurations will be updated regularly. The software will be maintained per vendor documentation. |