The IDPS must perform real-time monitoring of files from external sources at network entry/exit points.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-206888	SRG-NET-000248	SRG-NET-000248-IDPS-00206	SV-206888r982259_rule	2024-12-05	3

Description
Real-time monitoring of files from external sources at network entry/exit points helps to detect covert malicious code before it is downloaded to or executed by internal and external endpoints. Using malicious code, such as viruses, worms, Trojan horses, and spyware, an attacker may gain access to sensitive data and systems. IDPSs innately meet this requirement for real-time scanning for malicious code when properly configured to meet the requirements of this SRG. However, most products perform communications traffic inspection at the packet level.

Description

Real-time monitoring of files from external sources at network entry/exit points helps to detect covert malicious code before it is downloaded to or executed by internal and external endpoints. Using malicious code, such as viruses, worms, Trojan horses, and spyware, an attacker may gain access to sensitive data and systems. IDPSs innately meet this requirement for real-time scanning for malicious code when properly configured to meet the requirements of this SRG. However, most products perform communications traffic inspection at the packet level.

ℹ️ Check
Verify the IDPS performs real-time monitoring of files from external sources at network entry/exit points. If the IDPS does not perform real-time monitoring of files from external sources at network entry/exit points, this is a finding.

✔️ Fix
Configure the IDPS to perform real-time monitoring of files from external sources at network entry/exit points.