The IDPS must quarantine and/or delete malicious code.

From Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide

Associated with: CCI-001243

SV-69607r1_rule The IDPS must quarantine and/or delete malicious code.

Vulnerability discussion

Configuring the network element to delete and/or quarantine based on local organizational incident handling procedures minimizes the impact of this code on the network.Malicious code includes, but is not limited to, viruses, worms, Trojan horses, and spyware. The code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive. Malicious code may also be able to run and attach programs, which may allow the unauthorized distribution of malicious mobile code.Sometimes it is necessary to generate a log event and then automatically delete the malicious code; however, for critical attacks or where forensic evidence is deemed necessary, the preferred action is for the file to be quarantined for further investigation.This requirement is limited to network elements that perform security functions, such as ALG and IDPS.

Check content

Verify the IDPS quarantines and/or delete malicious code. If the IDPS does not quarantine and/or delete malicious code, this is a finding.

Fix text

Configure the IDPS to quarantine and/or delete malicious code.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.