← Back to Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide

V-34625

CAT II (Medium)

The IDPS must be configured to remove or disable non-essential features, functions, and services of the IDPS application.

Rule ID

SV-45500r2_rule

STIG

Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide

Version

V2R6

CCIs

CCI-000381

Discussion

An IDPS can be capable of providing a wide variety of capabilities. Not all of these capabilities are necessary. Unnecessary services, functions, and applications increase the attack surface (sum of attack vectors) of a system. These unnecessary capabilities are often overlooked and therefore may remain unsecured.<br /><br />This requirement applies to unnecessary features of the IDPS application itself.

Check Content

Verify the IDPS is configured to remove or disable non-essential features, functions, and services of the IDPS application.<br /><br />If the IDPS is not configured to remove or disable non-essential features, functions, and services of the IDPS application, this is a finding.

Fix Text

Configure the IDPS to remove or disable non-essential features, functions, and services of the IDPS application.