Free DISA STIG and SRG Library | Vaulted

V-55363

The IDPS must send an immediate (within seconds) alert to, at a minimum, the SCA when malicious code is detected.

Finding ID
SRG-NET-000249-IDPS-00222
Rule ID
SV-69609r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-NET-000249-IDPS-00222
CCI
CCI-001243
Target Key
(None)
Documentable
No
Discussion

Without an alert, security personnel may be unaware of an impending failure of the audit capability, and the ability to perform forensic analysis and to detect rate-based and other anomalies will be impeded. The IDPS must therefore generate an immediate (within seconds) alert that notifies designated personnel of the incident. Writing a message to an unattended log or console does not satisfy this requirement, because nobody will see it immediately. Each alert message should carry a severity level indicator or code that conveys the criticality of the incident.

Fix Text

Configure the IDPS to send an immediate (within seconds) alert to, at a minimum, the SCA when malicious code is detected.

Check Content

Verify the IDPS sends an immediate (within seconds) alert to, at a minimum, the SCA when malicious code is detected. If the IDPS does not send an immediate (within seconds) alert to, at a minimum, the SCA when malicious code is detected, this is a finding.
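One way to carry out this check offline, against the IDPS alert log and the log of the notification layer that pages people, is shown below. This is an added example and is not part of the SRG or of any vendor's tooling. The alert records follow the shape of Suricata's EVE JSON output; the dispatch-log format (`alert_key`, `sent`, `channel`, `recipient`, `severity`), the set of categories treated as "malicious code", the five-second limit and the list of channels considered "attended" are all assumptions of this example, and every record is constructed sample data.

```python
"""Offline check for SRG-NET-000249-IDPS-00222: malicious-code alerts must reach
an attended channel within seconds and carry a severity indicator.

Added example; not SRG text or vendor code. Formats, thresholds and data are assumptions."""
import json
from datetime import datetime

# Assumption: which IDPS alert categories count as "malicious code detected".
MALICIOUS_CODE_CATEGORIES = {
    "A Network Trojan was detected",
    "Malware Command and Control Activity Detected",
}
# Assumption: channels a human is expected to see immediately. Logs and consoles are
# explicitly excluded by the SRG discussion, so they are not listed here.
ATTENDED_CHANNELS = {"pager", "sms", "phone", "email"}
# Assumption: "within seconds" interpreted as a five-second budget for this check.
MAX_SECONDS = 5

# Constructed IDPS alert records in Suricata EVE JSON shape (not real traffic).
SAMPLE_EVE = """
{"timestamp":"2024-03-05T14:02:11.000000+0000","event_type":"alert","flow_id":101,"alert":{"signature_id":9000001,"signature":"SAMPLE TROJAN Downloader","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2024-03-05T14:02:15.000000+0000","event_type":"alert","flow_id":102,"alert":{"signature_id":9000002,"signature":"SAMPLE MALWARE C2 Beacon","category":"Malware Command and Control Activity Detected","severity":1}}
{"timestamp":"2024-03-05T14:03:00.000000+0000","event_type":"alert","flow_id":103,"alert":{"signature_id":9000003,"signature":"SAMPLE TROJAN Dropper","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2024-03-05T14:03:30.000000+0000","event_type":"alert","flow_id":104,"alert":{"signature_id":9000004,"signature":"SAMPLE TROJAN Backdoor","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2024-03-05T14:04:00.000000+0000","event_type":"alert","flow_id":105,"alert":{"signature_id":9000005,"signature":"SAMPLE POLICY Cleartext Login","category":"Potentially Bad Traffic","severity":2}}
"""

# Constructed dispatch log of the notification layer (hypothetical format).
# alert_key = "<flow_id>:<signature_id>" ties a notification back to its alert.
SAMPLE_DISPATCH = """
{"alert_key":"101:9000001","sent":"2024-03-05T14:02:13.000000+0000","channel":"pager","recipient":"sca-oncall","severity":"HIGH"}
{"alert_key":"102:9000002","sent":"2024-03-05T14:02:15.500000+0000","channel":"syslog","recipient":"siem","severity":"HIGH"}
{"alert_key":"103:9000003","sent":"2024-03-05T14:03:45.000000+0000","channel":"pager","recipient":"sca-oncall","severity":"HIGH"}
{"alert_key":"104:9000004","sent":"2024-03-05T14:03:31.000000+0000","channel":"email","recipient":"sca-oncall"}
"""


def parse_ts(value):
    # EVE timestamps look like 2024-03-05T14:02:11.123456+0000
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%f%z")


def load_jsonl(text):
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def evaluate(eve_text, dispatch_text, max_seconds=MAX_SECONDS):
    """Return one result per malicious-code alert: compliant, or a finding with the reason."""
    dispatches = {}
    for d in load_jsonl(dispatch_text):
        dispatches.setdefault(d["alert_key"], []).append(d)

    results = []
    for ev in load_jsonl(eve_text):
        if ev.get("event_type") != "alert":
            continue
        if ev["alert"]["category"] not in MALICIOUS_CODE_CATEGORIES:
            continue  # not malicious code; outside this rule's scope
        key = f"{ev['flow_id']}:{ev['alert']['signature_id']}"
        detected = parse_ts(ev["timestamp"])

        # A syslog/console/file destination does not count; only attended channels do.
        attended = [d for d in dispatches.get(key, []) if d["channel"] in ATTENDED_CHANNELS]
        if not attended:
            results.append({"key": key, "status": "finding",
                            "reason": "no notification to an attended channel (log/console only)"})
            continue

        latencies = {id(d): (parse_ts(d["sent"]) - detected).total_seconds() for d in attended}
        timely = [d for d in attended if 0 <= latencies[id(d)] <= max_seconds]
        if not timely:
            fastest = min(latencies.values())
            results.append({"key": key, "status": "finding",
                            "reason": f"fastest attended notification after {fastest:.1f}s exceeds {max_seconds}s"})
            continue

        # The message must carry a severity indicator or code.
        with_severity = [d for d in timely if d.get("severity")]
        if not with_severity:
            results.append({"key": key, "status": "finding",
                            "reason": "timely notification lacks a severity indicator"})
            continue

        best = min(with_severity, key=lambda d: latencies[id(d)])
        results.append({"key": key, "status": "compliant",
                        "reason": f"{best['channel']} notified in {latencies[id(best)]:.1f}s, severity {best['severity']}"})
    return results


def is_finding(results):
    """The rule is a finding if any malicious-code alert failed."""
    return any(r["status"] == "finding" for r in results)


if __name__ == "__main__":
    for r in evaluate(SAMPLE_EVE, SAMPLE_DISPATCH):
        print(f"{r['key']}: {r['status']} - {r['reason']}")
```

To use this against a live system, generate a benign test detection that the IDPS classifies as malicious code, then feed the resulting EVE alert and the notification layer's dispatch record through `evaluate`; the three failure branches correspond to the three ways the Discussion says an alert can miss the mark: no attended recipient, too slow, or no severity.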