Check: SRG-NET-000383-CLD-000200
Cloud Computing Mission Owner SRG:
SRG-NET-000383-CLD-000200
(in version v1 r0.1)
Title
The Mission Owner must configure an IDPS to protect Mission Owner enclaves and applications hosted in an off-premise cloud service offering. (Cat I impact)
Discussion
Without coordinated reporting between cloud service environments used for DoD missions, it is not possible to identify the true scale and possible target of an attack. The IDPS protects Mission Owner enclaves and applications hosted in an off-premise cloud service offering and may be deployed within the cloud service environment, the MeetMe Point, the cloud access point, or the supporting Core Data Center (CDC). When the infrastructure has direct Internet access, implement virtual IDPS capabilities configured in compliance with the applicable DoD STIG or SRG. The Mission Owner and/or their CNDSP must be able to monitor the virtual network boundary and report to/integrate with Tier 1. For dedicated infrastructure with a DODIN connection (Levels 4-6), implement an IPS that monitors and works with the virtual security infrastructure (e.g., firewall, routing tables, WAF) to protect traffic flowing inbound and outbound between the virtual network and the DODIN connection.
Check Content
If this is an on-premise or Level 2 implementation, this requirement is not applicable. Review the SLA and architecture documentation. Verify the virtual IDPS is in place by inspecting the architecture diagrams. Verify that it is placed to monitor and protect the virtual enclave, platform, and interconnected host VMs. Inspect the virtual IDPS configuration. Verify that a secure (encrypted) connection exists between the virtual IDPS capabilities and the CNDSP responsible for the mission system/application. If the Mission Owner has not configured the virtual enclave or platform IDPS to monitor and protect the virtual enclave(s) and interconnected VMs, this is a finding.
Fix Text
Configure a virtual IDPS to monitor and protect Mission Owner enclaves and applications hosted in an off-premise cloud.
Additional Identifiers
Rule ID: SRG-NET-000383-CLD-000200_rule
Vulnerability ID: SRG-NET-000383-CLD-000200
Group Title:
Expert Comments
CCIs
Number | Definition
---|---
CCI-002656 | The organization configures individual intrusion detection tools into an information system-wide intrusion detection system.
Controls
Number | Title
---|---
SI-4 (1) | System-Wide Intrusion Detection System