Trend Micro TippingPoint IDPS Security Technical Implementation Guide

Version: V2R2
Release Date: Sep 16, 2024
SCAP Benchmark ID: TM_TippingPoint_IDPS_STIG
Total Checks: 30
Tags: other
Severity: CAT I: 3, CAT II: 27, CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (30)

  • V-242167 (MEDIUM): To protect against unauthorized data mining, the TPS must prevent code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.
  • V-242168 (MEDIUM): To protect against unauthorized data mining, the TPS must prevent code injection attacks launched against application objects including, at a minimum, application URLs and application code.
  • V-242169 (MEDIUM): To protect against unauthorized data mining, the TPS must prevent SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.
  • V-242170 (MEDIUM): To protect against unauthorized data mining, the TPS must detect code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.
  • V-242171 (MEDIUM): To protect against unauthorized data mining, the TPS must detect code injection attacks launched against application objects including, at a minimum, application URLs and application code.
  • V-242172 (MEDIUM): To protect against unauthorized data mining, the TPS must detect SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.
  • V-242173 (HIGH): The Trend Micro TippingPoint Security Management System (SMS) must be configured to send security IPS policy to the Trend Micro Threat Protection System (TPS).
  • V-242175 (MEDIUM): The Trend Micro TPS must immediately use updates made to policy filters, rules, signatures, and anomaly analysis algorithms for traffic detection and prevention functions which are all contained in the Digital Vaccine (DV) updates.
  • V-242176 (MEDIUM): The TPS must provide audit record generation capability for detection events based on implementation of policy filters, rules, signatures, and anomaly analysis.
  • V-242177 (MEDIUM): The TPS must provide audit record generation capability for events where communication traffic is blocked or restricted based on policy filters, rules, signatures, and anomaly analysis.
  • V-242186 (MEDIUM): In the event of a logging failure caused by the lack of audit record storage capacity, the SMS must continue generating and storing audit records, overwriting the oldest audit records in a first-in-first-out manner using Audit Log maintenance.
  • V-242187 (MEDIUM): The SMS and TPS must provide log information in a format that can be extracted and used by centralized analysis tools.
  • V-242188 (MEDIUM): The SMS must be configured to remove or disable nonessential capabilities on SMS and TPS, which are not required for operation or not related to IDPS functionality.
  • V-242189 (MEDIUM): The TPS must detect, at a minimum, mobile code that is unsigned or exhibiting unusual behavior, has not undergone a risk assessment, or is prohibited for use based on a risk assessment.
  • V-242190 (MEDIUM): The TPS must block any prohibited mobile code at the enclave boundary when it is detected.
  • V-242191 (MEDIUM): The TPS must fail to a secure state which maintains access control mechanisms when the IDPS hardware, software, or firmware fails on initialization/shutdown or experiences a sudden abort during normal operation (also known as "Fail closed").
  • V-242192 (MEDIUM): The TPS must protect against or limit the effects of known types of denial-of-service (DoS) attacks by employing signatures.
  • V-242193 (MEDIUM): The TPS must block outbound traffic containing known and unknown denial-of-service (DoS) attacks by ensuring that security policies, signatures, rules, and anomaly detection techniques are applied to outbound communications traffic.
  • V-242194 (MEDIUM): The TPS must block outbound ICMP Destination Unreachable, Redirect, and Address Mask reply messages.
  • V-242195 (MEDIUM): The TPS must block malicious ICMP packets by properly configuring ICMP signatures and rules.
  • V-242196 (MEDIUM): The TPS must automatically install updates to signature definitions, detection heuristics, and vendor-provided rules.
  • V-242197 (HIGH): The SMS must install updates on the TPS for application software files, signature definitions, detection heuristics, and vendor-provided rules when new releases are available in accordance with organizational configuration management policy and procedures.
  • V-242198 (MEDIUM): The TPS must block malicious code.
  • V-242199 (HIGH): The TPS must generate a log record so an alert can be configured to, at a minimum, the system administrator when malicious code is detected.
  • V-242201 (MEDIUM): The TPS must detect network services that have not been authorized or approved by the ISSO or ISSM, at a minimum, through use of a site-approved TPS device profile.
  • V-242202 (MEDIUM): The IDPS must generate an alert to the ISSM and ISSO, at a minimum, when unauthorized network services are detected.
  • V-242203 (MEDIUM): The IDPS must continuously monitor inbound communications traffic for unusual/unauthorized activities or conditions.
  • V-242204 (MEDIUM): The TPS must continuously monitor outbound communications traffic for unusual/unauthorized activities or conditions.
  • V-242205 (MEDIUM): The TPS must send an alert to, at a minimum, the ISSM and ISSO when intrusion detection events are detected which indicate a compromise or potential for compromise.
  • V-242206 (MEDIUM): The site must register with the Trend Micro TippingPoint Threat Management Center (TMC) in order to receive alerts on threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected which indicate a compromise or potential for compromise.