The IDPS must be configured to remove or disable non-essential features, functions, and services of the IDPS application.
An XCCDF Rule
Description
<VulnDiscussion>An IDPS can be capable of providing a wide variety of capabilities. Not all of these capabilities are necessary. Unnecessary services, functions, and applications increase the attack surface (sum of attack vectors) of a system. These unnecessary capabilities are often overlooked and therefore may remain unsecured. This requirement applies to unnecessary features of the IDPS application itself.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-45500r2_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the IDPS to remove or disable non-essential features, functions, and services of the IDPS application.