|Finding ID||Version||Rule ID||IA Controls||Severity|
|User interface services must be physically or logically separated from data storage and management services. Data from IDS sensors must be protected by confidentiality controls; from being lost and altered.|
|Network Infrastructure Policy Security Technical Implementation Guide||2017-03-02|
|Check Text ( C-21131r2_chk )|
| Review the network topology diagram and interview the ISSO to determine how the IDS sensor data is transported between sites. |
If it is not transported across an OOB network or an encrypted tunnel, this is a finding.
|Fix Text (F-19086r2_fix)|
|Design a communications path for OOB traffic or create an encrypted tunnel using a FIPS 140-2 validated encryption algorithm to protect data.|