Check: NET-IDPS-025
Network Infrastructure Policy STIG:
NET-IDPS-025
(in versions v10 r6 through v9 r2)
Title
Intrusion Detection and Prevention System (IDPS) traffic between the sensor and the security management or sensor data collection servers must traverse a dedicated Virtual Local Area Network (VLAN) logically separating IDPS traffic from all other enclave traffic. (Cat II impact)
Discussion
All IDPS data collected by agents in the enclave at required locations must also be protected by logical separation when in transit from the agent to the management or database servers located on the Network Management subnet.
Check Content
Review the network topology diagram and interview the ISSO to determine how the IDPS traffic between the sensor and the security management or sensor data collection servers is transported. If the IDPS traffic does not traverse a dedicated VLAN logically separating IDPS traffic from all other enclave traffic, this is a finding.
Fix Text
Design a communications path for OOB traffic or create a VLAN for IDPS traffic to protect the data.
Additional Identifiers
Rule ID: SV-251340r805975_rule
Vulnerability ID: V-251340
Group Title: NET-IDPS-025
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000366 | The organization implements the security configuration settings. |
Controls
| Number | Title |
|---|---|
| CM-6 | Configuration Settings |