Free DISA STIG and SRG Library | Vaulted

V-34759

The IDPS must verify the integrity of updates obtained directly from the vendor.

Finding ID
SRG-NET-000246-IDPS-00175
Rule ID
SV-45683r2_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-NET-000246-IDPS-00175
CCI
CCI-001240
Target Key
(None)
Documentable
No
Discussion

If the integrity of updates downloaded directly from the vendor is not verified, then malicious code or errors may impact the ability of the IDPS to protect against harmful communication traffic. The recommended verification method depends on the update's format, as follows: 1. For files downloaded from a Web site or FTP site, administrators should compare file checksums provided by the vendor with checksums that they compute for the downloaded files. 2. For updates downloaded automatically through the IDPS user interface, if an update is downloaded as a single file or a set of files, either checksum provided by the vendor should be compared to checksums generated by the administrator, or the IDPS user interface itself should perform some sort of integrity check. In some cases, updates are downloaded and installed as one action, precluding checksum verification. In this case, the IDPS user interface should check each update' s integrity as part of this process. 3. In the case of removable media (e.g., CD, DVD), vendors may not provide a specific method for customers to verify the legitimacy of removable media apparently sent by the vendors. If media verification is a concern, administrators should contact their vendors to determine how the media can be verified, such as comparing vendor-provided checksums to checksums computed for files on the media, or verifying digital signatures on the media's contents to ensure they are valid. Administrators should also consider scanning the media for malware, with the caveat that false positives may be triggered by IDPS signatures for malware on the media.

Fix Text

Configure the IDPS to verify the integrity of updates obtained directly from the vendor.

Check Content

Verify the IDPS verifies the integrity of updates obtained directly from the vendor. If the IDPS does not verify the integrity of updates obtained directly from the vendor, this is a finding.