Sensor traffic in transit must be protected at all times via an Out-of-Band (OOB) network or an encrypted tunnel between site locations.

From Network Infrastructure Policy Security Technical Implementation Guide

Part of IDS traffic in transit is transmitted unprotected

Associated with: CCI-000366

SV-20031r2_rule Sensor traffic in transit must be protected at all times via an Out-of-Band (OOB) network or an encrypted tunnel between site locations.

Vulnerability discussion

User interface services must be physically or logically separated from data storage and management services. Data from IDS sensors must be protected by confidentiality controls; from being lost and altered.

Check content

Review the network topology diagram and interview the ISSO to determine how the IDS sensor data is transported between sites. If it is not transported across an OOB network or an encrypted tunnel, this is a finding.

Fix text

Design a communications path for OOB traffic or create an encrypted tunnel using a FIPS 140-2 validated encryption algorithm to protect data.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer