
If the site has a non-DoD external connection (i.e. Approved Gateway), an Intrusion Detection and Prevention System (IDPS) must be located between the site's Approved Gateway and the perimeter router.


Overview

Finding ID: V-14634
Version: NET0168
Rule ID: SV-15259r3_rule
IA Controls:
Severity: Medium
Description
Incorrect placement of the external IDPS may allow unauthorized access to go undetected and limit the ability of security personnel to stop malicious or unauthorized use of the network. To ensure that an attempted or existing attack does not go unnoticed, the data from the sensors must be monitored continuously.
STIG: Network Infrastructure Policy Security Technical Implementation Guide
Date: 2016-07-11

Details

Check Text (C-12650r3_chk)
Inspect the network topology and physical connectivity to verify compliance.

If the site has a non-DoD external connection and does not have an IDPS located between the site’s Approved Gateway and the perimeter router, this is a finding.
Fix Text (F-14096r3_fix)
Install and configure an IDPS between the site’s Approved Gateway and the premise router.