STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide, Version: 9, Release: 10, Benchmark Date: 24 Jan 2020

Products collecting baselines for anomaly-based detection must have their baselines rebuilt based on changes to mission requirements such as Information Operations Conditions (INFOCON) levels and when the traffic patterns are expected to change significantly.

DISA Rule

SV-20039r2_rule

Vulnerability Number

V-18504

Group Title

Anomaly baselines are not periodically rebuilt

Rule Version

NET-IDPS-027

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Establish procedures to update anomaly-based sensors.

Check Contents

Interview the IDPS administrator and determine if anomaly-based detection is deployed in the network. If implemented, ensure that any products collecting baselines for anomaly-based detection have their baselines rebuilt periodically to support accurate detection.

If the collection products do not have their baselines rebuilt periodically, this is a finding.

Documentable

False

Severity Override Guidance

Interview the IDPS administrator and determine if anomaly-based detection is deployed in the network. If implemented, ensure that any products collecting baselines for anomaly-based detection have their baselines rebuilt periodically to support accurate detection.

If the collection products do not have their baselines rebuilt periodically, this is a finding.

Check Content Reference

M

Target Key

838
