STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Intrusion Detection and Prevention Systems Security Requirements Guide

V-278979

CAT II (Medium)

The IDPS must provide visibility into network traffic at external and key internal system interfaces to optimize the effectiveness of monitoring devices.

Rule ID

SV-278979r1137725_rule

STIG

Intrusion Detection and Prevention Systems Security Requirements Guide

Version

V3R4

CCIs

CCI-004982

Discussion

Encrypted traffic, asymmetric routing architectures, capacity and latency limitations, and transitioning from older to newer technologies (e.g., IPv4 to IPv6 network protocol transition) may result in blind spots for organizations when analyzing network traffic. Collecting, decrypting, pre-processing, and distributing only relevant traffic to monitoring devices can streamline the efficiency and use of devices and optimize traffic analysis. This requirement also applies to Zero Trust initiatives.

Check Content

Verify the IDPS is configured to provide visibility into network traffic at external and key internal system interfaces to optimize the effectiveness of monitoring devices.

If the IDPS does not provide visibility into network traffic at external and key internal system interfaces to optimize the effectiveness of monitoring devices, this is a finding.

Fix Text

Configure the IDPS to provide visibility into network traffic at external and key internal system interfaces to optimize the effectiveness of monitoring devices.