Check: EN540
DNS Policy:
EN540
(in versions v4 r1.22 through v4 r1.2)
Title
Servers do not employ Host Based Intrusion Detection (HIDS). (Cat II impact)
Discussion
Servers without a HIDS may allow unauthorized access to go undetected and limit the ability of security personnel to stop malicious or unauthorized use of the device. To ensure that an attempted or existing attack does not go unnoticed, the data from the HIDS must be monitored continuously.
Check Content
Interview the IAO to determine if there is a process and policy in place to ensure Host Based IDS is installed on all servers. Work with the reviewers to determine compliance. This check applies to Enhanced Compliance Validation visits.
Fix Text
The IAO will ensure all servers employ HIDS, if technically feasible. This requirement may not pertain to legacy systems and cutting-edge devices that do not yet have the capability. Documentation must exist from the vendor to approve any variance from this requirement.
Additional Identifiers
Rule ID: SV-4027r1_rule
Vulnerability ID: V-4027
Group Title: Servers do not employ HIDs.
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |