Free DISA STIG and SRG Library | Vaulted

V-55323

IDPS must support centralized management and configuration of the content captured in audit records generated by all IDPS components.

Finding ID
SRG-NET-000333-IDPS-00190
Rule ID
SV-69569r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-NET-000333-IDPS-00190
CCI
CCI-001844
Target Key
(None)
Documentable
No
Discussion

Without the ability to centrally manage the content captured in the log records, identification, troubleshooting, and correlation of suspicious behavior would be difficult and could lead to a delayed or incomplete analysis of an attack. Centralized management and storage of log records increases efficiency in maintenance and management of records as well as facilitates the backup and archiving of those records. The IDPS must be configured to support centralized management and configuration of the content to be captured in audit records generated by all network components. IDPS sensors and consoles must have the capability to support centralized logging. They must be configured to send log messages to centralized, redundant servers and be capable of being remotely configured to change logging parameters (such as facility and severity levels).

Fix Text

Configure the IDPS to support centralized management and configuration of the content captured in audit records generated by all IDPS components.

Check Content

Verify the IDPS is configured to support centralized management and configuration of the content captured in audit records generated by all IDPS components. If the IDPS does not support centralized management and configuration of the content captured in audit records generated by all IDPS components, this is a finding.