The IDPS must be configured to remove or disable non-essential features, functions, and services of the IDPS application.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-206879 | SRG-NET-000131 | SRG-NET-000131-IDPS-00097 | SV-206879r382903_rule | 2025-05-19 | 3 |
| Description |
|---|
| An IDPS can be capable of providing a wide variety of capabilities. Not all of these capabilities are necessary. Unnecessary services, functions, and applications increase the attack surface (sum of attack vectors) of a system. These unnecessary capabilities are often overlooked and therefore may remain unsecured. This requirement applies to unnecessary features of the IDPS application itself. |
| ℹ️ Check |
|---|
| Verify the IDPS is configured to remove or disable non-essential features, functions, and services of the IDPS application. If the IDPS is not configured to remove or disable non-essential features, functions, and services of the IDPS application, this is a finding. |
| ✔️ Fix |
|---|
| Configure the IDPS to remove or disable non-essential features, functions, and services of the IDPS application. |