STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Network Infrastructure Policy Security Technical Implementation Guide

V-251337

CAT II (Medium)

An Intrusion Detection and Prevention System (IDPS) sensor must be deployed to monitor network segments that house network security management servers.

Rule ID

SV-251337r853644_rule

STIG

Network Infrastructure Policy Security Technical Implementation Guide

Version

V10R7

CCIs

CCI-001097, CCI-001255, CCI-002668

Discussion

The initial step in IDPS deployment is determining where sensors should be placed. Because attacks originate at the enclave perimeter and within the enclave boundary an IDPS implementation at the enclave perimeter only will not suffice. By placing IDPS technology throughout the Enterprise Regional enclaves and stand-alone enclaves, system administrators can track the spread of attacks and take corrective actions to prevent attacks reaching critical resources.

Check Content

Review the management network topology and verify network security management servers are being monitored by an IDPS.

If an IDPS sensor is not deployed to monitor all segments housing network security management servers, this is a finding.

Fix Text

Install an IDPS to monitor and protect the Management Network (management subnet or OOB network).