STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Intrusion Detection and Prevention Systems Security Requirements Guide

V-206910

CAT II (Medium)

The IDPS must detect network services that have not been authorized or approved by the ISSO or ISSM, at a minimum.

Rule ID

SV-206910r856547_rule

STIG

Intrusion Detection and Prevention Systems Security Requirements Guide

Version

V3R4

CCIs

CCI-002683

Discussion

Unauthorized or unapproved network services lack organizational verification or validation and therefore may be unreliable or serve as malicious rogues for valid services. Examples of network services include service-oriented architectures (SOAs), cloud-based services (e.g., infrastructure as a service, platform as a service, or software as a service), cross-domain, Voice Over Internet Protocol, Instant Messaging, auto-execute, and file sharing. To comply with this requirement, the IDPS may be configured to detect services either directly or indirectly (i.e., by detecting traffic associated with a service).

Check Content

Verify the IDPS detects network services that have not been authorized or approved by the ISSO or ISSM, at a minimum.

If the IDPS does not detect network services that have not been authorized or approved by the ISSO or ISSM, at a minimum, this is a finding.

Fix Text

Configure the IDPS to detect network services that have not been authorized or approved by the ISSO or ISSM, at a minimum.