STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Network Infrastructure Policy Security Technical Implementation Guide

V-251336

CAT II (Medium)

An Intrusion Detection and Prevention System (IDPS) sensor must be deployed to monitor the network segment hosting web, application, and database servers.

Rule ID

SV-251336r853643_rule

STIG

Network Infrastructure Policy Security Technical Implementation Guide

Version

V10R7

CCIs

CCI-001097, CCI-001255, CCI-002668

Discussion

Attacks can originate within the enclave boundary. Hence, deploying an IDPS on the network segment hosting web, application, and database servers is imperative. The servers are critical resource and the network segment hosting them will receive the most traffic within the enclave. Deploying IDPS on this network is promotes defense-in-depth principles that will enable operations to detect attacks quickly and take corrective actions.

Check Content

Review topology of the network segment hosting the web, application, and database servers. 

If this segment is not being monitored by an IDPS sensor, this is a finding.

Fix Text

Implement an IDPS strategy to monitor the network segment hosting web, application, and database servers.