STIGQter: STIG Summary: Firewall Security Requirements Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The firewall must generate traffic log entries containing information to establish what type of events occurred.

DISA Rule

SV-206678r604133_rule

Vulnerability Number

V-206678

Group Title

SRG-NET-000074

Rule Version

SRG-NET-000074-FW-000009

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the firewall to ensure entries sent to the traffic log include sufficient information to determine the type or category for each event in the traffic log.

Check Contents

Examine the traffic log configuration on the firewall or view several alert events on the organization's central audit server.

Verify the entries sent to the traffic log include sufficient information to determine the type or category for each event in the traffic log.

If the traffic log entries do not include enough information to determine what type of event occurred, this is a finding.
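One way to automate the check above against exported traffic log lines, as an added example that is not part of the SRG. The key=value syslog layout, the field names in `TYPE_FIELDS`, and the sample lines are assumptions constructed for illustration; substitute the vendor's actual log schema.

```python
import re

# Hypothetical field names that carry the event type or category.
# These are assumptions, not names defined by the SRG.
TYPE_FIELDS = ("type", "category", "action")
# Values that are present but say nothing about what kind of event occurred.
PLACEHOLDERS = {"", "-", "n/a", "unknown", "none"}

# Constructed sample traffic log lines (key=value syslog payloads).
SAMPLE_LOG = '''\
<134>Jan 22 10:15:01 fw01 type=traffic action=deny proto=tcp src=10.0.0.5 dst=192.0.2.10 dport=23
<134>Jan 22 10:15:02 fw01 type=traffic action=allow proto=udp src=10.0.0.7 dst=192.0.2.53 dport=53
<134>Jan 22 10:15:03 fw01 proto=tcp src=10.0.0.9 dst=192.0.2.10 dport=443
<134>Jan 22 10:15:04 fw01 type="" action=- proto=icmp src=10.0.0.9 dst=192.0.2.1
<134>Jan 22 10:15:05 fw01 category="policy violation" proto=tcp src=10.0.0.4 dst=192.0.2.8 dport=445
'''

# key=value pairs; the value is either double-quoted or a run of non-space characters.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S*)')


def parse_fields(line):
    """Return the key=value pairs of one log line as a dict with lowercase keys."""
    return {k.lower(): v.strip('"') for k, v in PAIR.findall(line)}


def event_type_of(fields):
    """Return the first usable type/category value, or None if there is none."""
    for name in TYPE_FIELDS:
        value = fields.get(name, "").strip()
        if value.lower() not in PLACEHOLDERS:
            return value
    return None


def audit(log_text):
    """Return (line_number, line) for each entry with no usable event type."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        if line.strip() and event_type_of(parse_fields(line)) is None:
            findings.append((n, line))
    return findings


if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for n, line in results:
        print(f"FINDING line {n}: no event type/category: {line}")
    print("result:", "finding" if results else "not a finding")
```

Entries where the type field is missing, empty, or a placeholder such as `-` are reported, since a field that is present but blank still does not establish what type of event occurred.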

Documentable

False

Severity Override Guidance

Examine the traffic log configuration on the firewall or view several alert events on the organization's central audit server.

Verify the entries sent to the traffic log include sufficient information to determine the type or category for each event in the traffic log.

If the traffic log entries do not include enough information to determine what type of event occurred, this is a finding.

Check Content Reference

M

Target Key

2912