Navigate

Check: SRG-NET-000248-IDPS-00206

Intrusion Detection and Prevention Systems (IDPS) SRG: SRG-NET-000248-IDPS-00206 (in versions v2 r6 through v2 r2)

Title

The IDPS must perform real-time monitoring of files from external sources at network entry/exit points. (Cat II impact)

Discussion

Real-time monitoring of files from external sources at network entry/exit points helps to detect covert malicious code before it is downloaded to or executed by internal and external endpoints. Using malicious code, such as viruses, worms, Trojan horses, and spyware, an attacker may gain access to sensitive data and systems. IDPSs innately meet this requirement for real-time scanning for malicious code when properly configured to meet the requirements of this SRG. However, most products perform communications traffic inspection at the packet level.

Check Content

Verify the IDPS performs real-time monitoring of files from external sources at network entry/exit points. If the IDPS does not perform real-time monitoring of files from external sources at network entry/exit points, this is a finding.

Fix Text

Configure the IDPS to perform real-time monitoring of files from external sources at network entry/exit points.

Additional Identifiers

Rule ID: SV-69605r1_rule

Vulnerability ID: V-55359

Group Title: SRG-NET-000248-IDPS-00206

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001242	The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
SI-3	Malicious Code Protection