STIGQter: STIG Summary: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide Version: 2 Release: 6 Benchmark Date: 24 Jul 2020:

The IDPS must provide audit record generation capability for events where communication traffic is blocked or restricted based on policy filters, rules, signatures, and anomaly analysis.

DISA Rule

SV-45458r2_rule

Vulnerability Number

V-34594

Group Title

SRG-NET-000113-IDPS-00082

Rule Version

SRG-NET-000113-IDPS-00082

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Configure the IDPS to provide audit record generation capability for events where communication traffic is blocked or restricted based on policy filters, rules, signatures, and anomaly analysis algorithms.

Check Contents

Verify the configuration provides audit record generation capability for events where communication traffic is blocked or restricted based on policy filters, rules, signatures, and anomaly analysis algorithms.

If the IDPS does not provide audit record generation capability for events where communication traffic is blocked or restricted based on policy filters, rules, signatures, and anomaly analysis, this is a finding.

Vulnerability Number

V-34594

Documentable

False

Rule Version

SRG-NET-000113-IDPS-00082

Severity Override Guidance

Verify the configuration provides audit record generation capability for events where communication traffic is blocked or restricted based on policy filters, rules, signatures, and anomaly analysis algorithms.

If the IDPS does not provide audit record generation capability for events where communication traffic is blocked or restricted based on policy filters, rules, signatures, and anomaly analysis, this is a finding.

Check Content Reference

M

Target Key

2358

Comments