Title

Intrusion detection software must be able to interconnect using standard protocols to create a system wide intrusion detection system. (Cat II impact)

Discussion

When utilizing intrusion detection software, monitoring components are usually dispersed throughout the network, such as, when utilizing HIDS and multiple NIDS sensors. In order to leverage the capabilities of intrusion detection systems to get a complete overall view of network and host activity, these separate components must be able to report and react to activity they detect. Non-standard or custom communication protocols do not provide the reliability and veracity required of an enterprise class intrusion detection system. An example of a custom protocol includes, but is not limited to, vendor specific communication protocols that have not undergone IETF RFC evaluation and/or are not in common use throughout the Internet as a whole. Rationale for non-applicability: The MDM SRG addresses mechanisms that check the integrity of the mobile device.

Check Content

This requirement is NA for the MAPP SRG.

Fix Text

The requirement is NA. No fix is required.

Additional Identifiers

Rule ID: SV-47002r1_rule

Vulnerability ID: V-35715

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.