The Intrusion Detection and Prevention System (IDPS) software and signatures must be updated when updates are provided by the vendor.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251347 | NET-IDPS-035 | SV-251347r805996_rule | CCI-000366 | low |
| Description | ||||
| Keeping the IDPS software updated with the latest engine and attack signatures will allow for the IDPS to detect all forms of known attacks. Not maintaining the IDPS properly could allow for attacks to go unnoticed. | ||||
| STIG | Date | |||
| Network Infrastructure Policy Security Technical Implementation Guide | 2024-08-02 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · V10R7 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · V10R7 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · V10R7 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · V10R7 · disa_xccdf · related
Details
Check Text (C-251347r805996_chk)
Interview the ISSO and the IDPS administrator. Have the IDPS administrator display update notifications that have been received, the build number or patch level, then search the vendor's vulnerability database for current release and patch level.
If software and signatures are not updated when updates are provided by the vendor, this is a finding.
Fix Text (F-54735r805995_fix)
Have the IDPS administrator subscribe to the X-press notification or similar service offered by the vendor. Ensure the IDPS software is updated when software is available either by DISA or the vendor for security related distributions.