STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020:

Sensor traffic in transit must be protected at all times via an Out-of-Band (OOB) network or an encrypted tunnel between site locations.

DISA Rule

SV-20031r2_rule

Vulnerability Number

V-18496

Group Title

IDS traffic in transit is transmitted unprotected

Rule Version

NET-IDPS-024

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Design a communications path for OOB traffic or create an encrypted tunnel using a FIPS 140-2 validated encryption algorithm to protect data.

Check Contents

Review the network topology diagram and interview the ISSO to determine how the IDS sensor data is transported between sites.

If it is not transported across an OOB network or an encrypted tunnel, this is a finding.

Vulnerability Number

V-18496

Documentable

False

Rule Version

NET-IDPS-024

Severity Override Guidance

Review the network topology diagram and interview the ISSO to determine how the IDS sensor data is transported between sites.

If it is not transported across an OOB network or an encrypted tunnel, this is a finding.

Check Content Reference

M

Target Key

838

Comments