Title

The IDPS must generate a log record when unauthorized network services are detected. (Cat II impact)

Discussion

Unauthorized or unapproved network services lack organizational verification or validation and therefore may be unreliable or serve as malicious rogues for valid services. Examples of network services include service-oriented architectures (SOAs), cloud-based services (e.g., infrastructure as a service, platform as a service, or software as a service), cross-domain, Voice Over Internet Protocol, Instant Messaging, auto-execute, and file sharing.

Check Content

Verify the IDPS generates a log record when unauthorized network services are detected. If the IDPS does not generate a log record when unauthorized network services are detected, this is a finding.

Fix Text

Configure the IDPS to generate a log record when unauthorized network services are detected.

Additional Identifiers

Rule ID: SV-206911r856548_rule

Vulnerability ID: V-206911

Group Title: SRG-NET-000385

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.