Check: SRG-NET-000390-CLD-000210
Cloud Computing Mission Owner SRG:
SRG-NET-000390-CLD-000210
(in version v1 r0.1)
Title
The Mission Owner of the virtual enclave or platform must continuously monitor and protect inbound communications from other enclaves for unusual or unauthorized activities or conditions. (Cat II impact)
Discussion
Evidence of malicious code is used to identify potentially compromised information systems or information system components. Unusual/unauthorized activities or conditions related to information system inbound communications traffic include, for example, internal traffic that indicates the presence of malicious code within organizational information systems or propagating among system components, the unauthorized exporting of information, or signaling to external information systems. Anomalies within organizational information systems include, for example, large file transfers, long-time persistent connections, unusual protocols and ports in use, and attempted communications with suspected malicious external addresses.
Check Content
If this is a premise or Level 2 implementation, this requirement is not applicable. Inspect the ACLs for inbound interfaces from other enclaves for the firewalls. Verify these rules are configured for continuous monitoring. Verify the ACLs and security rules include rules and ACLs that detect and filter unusual or unauthorized activities or conditions such as large file transfers, persistent connections, unusual protocols and ports in use, communication with unauthorized entities, or other unusually high traffic from particular segments or devices. If the virtual enclave does not continuously monitor inbound communications from other virtual enclaves within the same cloud service environment for unusual or unauthorized activities or conditions, this is a finding.
Fix Text
Configure the firewall and IDPS for continuous monitoring of all communications inbound to the virtual enclave or platform. Configure the ACLs and security rules to detect and filter unusual or unauthorized activities or conditions such as large file transfers, persistent connections, unusual protocols and ports in use, communication with unauthorized entities, or other unusually high traffic from particular segments or devices.
Additional Identifiers
Rule ID: SRG-NET-000390-CLD-000210_rule
Vulnerability ID: SRG-NET-000390-CLD-000210
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002661 |
The information system monitors inbound communications traffic per organization-defined frequency for unusual or unauthorized activities or conditions. |
Controls
Number | Title |
---|---|
SI-4 (4) |
Inbound And Outbound Communications Traffic |