The IDPS must implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-263664	SRG-NET-000715-IDPS-00120	SV-263664r991598_rule		Medium

Description

Separating critical system components and functions from other noncritical system components and functions through separate subnetworks may be necessary to reduce susceptibility to a catastrophic or debilitating breach or compromise that results in system failure. For example, physically separating the command and control function from the in-flight entertainment function through separate subnetworks in a commercial aircraft provides an increased level of assurance in the trustworthiness of critical system functions.

STIG	Date
Intrusion Detection and Prevention Systems Security Requirements Guide	2025-05-19

Details

Check Text (C-67577r982570_chk)

Verify the IDPS is configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

If the IDPS is not configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions, this is a finding.

Fix Text (F-67485r982266_fix)

Configure the IDPS to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.