Sensor traffic in transit must be protected at all times via an Out-of-Band (OOB) network or an encrypted tunnel between site locations.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251339 | NET-IDPS-024 | SV-251339r805972_rule | CCI-000366 | medium |
| Description | ||||
| User interface services must be physically or logically separated from data storage and management services. Data from IDS sensors must be protected by confidentiality controls; from being lost and altered. | ||||
| STIG | Date | |||
| Network Infrastructure Policy Security Technical Implementation Guide | 2024-08-02 | |||
Details
Check Text (C-251339r805972_chk)
Review the network topology diagram and interview the ISSO to determine how the IDS sensor data is transported between sites.
If it is not transported across an OOB network or an encrypted tunnel, this is a finding.
Fix Text (F-54727r805971_fix)
Design a communications path for OOB traffic or create an encrypted tunnel using a FIPS 140-2 validated encryption algorithm to protect data.