Rule ID
SV-206865r1137717_rule
Version
V3R4
CCIs
Restricting the communications traffic as it crosses external/perimeter boundaries, also known as information flow control, helps prevent malicious or suspicious access. The IPS must be configured to leverage policy filters, rules, signatures, and/or behavior analysis algorithms that inspects and restricts traffic based on the characteristics of the information and/or the information path. Inspection is based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic. DOD has defined the actions required upon the detection of harmful or suspicious traffic is to restrict, redirect, drop, or block the traffic. Specific actions taken depends on the site's security plan and the device's capabilities. This requirement also applies to Zero Trust initiatives.
If the device being reviews is an IDS, this is not applicable. Verify the IPS enforces approved authorizations by restricting or blocking the flow of harmful or suspicious communications traffic for controlling the flow of information between interconnected networks. If the IPS does not enforce approved authorizations by restricting or blocking the flow of harmful or suspicious communications traffic for controlling the flow of information between interconnected networks, this is a finding.
Configure the IPS to enforce approved authorizations by restricting or blocking the flow of harmful or suspicious communications traffic for controlling the flow of information between interconnected networks.