Title

The IDPS must be configured to remove or disable non-essential capabilities which are not required for operation or not related to IDPS functionality (e.g., DNS, email client or server, FTP server, or web server). (Cat II impact)

Discussion

An IDPS can be capable of providing a wide variety of capabilities. Not all of these capabilities are necessary. Unnecessary services, functions, and applications increase the attack surface (sum of attack vectors) of a system. These unnecessary capabilities are often overlooked and therefore may remain unsecured.

Check Content

Have the SCA display the services running on the IDPS components. Review the IDPS configuration to determine if non-essential capabilities not required for operation, or not related to IDPS functionality (e.g., DNS, email client or server, FTP server, or web server) are enabled. If the IDPS is not configured to remove or disable non-essential capabilities which are not required for operation or not related to IDPS functionality (e.g., DNS, email client or server, FTP server, or web server), this is a finding.

Fix Text

Remove or disable non-essential capabilities from the IDPS. Removal is recommended since the service or function may be inadvertently enabled. However, if removal is not possible, disable the service or function. Document all necessary services.

Additional Identifiers

Rule ID: SV-69585r1_rule

Vulnerability ID: V-55339

Group Title: SRG-NET-000131-IDPS-00011

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.