Check: NET-IDPS-024
Network Infrastructure Policy STIG: NET-IDPS-024 (in versions v10 r6 through v9 r2)
Title
Sensor traffic in transit must be protected at all times via an Out-of-Band (OOB) network or an encrypted tunnel between site locations. (Cat II impact)
Discussion
User interface services must be physically or logically separated from data storage and management services. Data from IDS sensors must be protected by confidentiality controls and from being lost or altered.
Check Content
Review the network topology diagram and interview the ISSO to determine how the IDS sensor data is transported between sites. If it is not transported across an OOB network or an encrypted tunnel, this is a finding.
Fix Text
Design a communications path for OOB traffic or create an encrypted tunnel using a FIPS 140-2 validated encryption algorithm to protect data.
Additional Identifiers
Rule ID: SV-251339r805972_rule
Vulnerability ID: V-251339
Group Title: NET-IDPS-024
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |