STIGQter: STIG Summary: Firewall Security Requirements Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021

The firewall must disable or remove unnecessary network services and functions that are not used as part of its role in the architecture.

DISA Rule

SV-206690r604133_rule

Vulnerability Number

V-206690

Group Title

SRG-NET-000131

Rule Version

SRG-NET-000131-FW-000025

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Display and remove unnecessary licenses, services, and functions from the firewall. Examples include NTP, DNS, and DHCP.

Note: Only remove unauthorized services. This control is not intended to restrict the use of network devices with multiple authorized roles.

Check Contents

Review the documentation and architecture for the device or check the system-installed licenses or services.

Determine what services and functions are installed on the firewall. Compare installed services and functions to the documentation showing the approved services.

If unneeded services and functions are installed on the device but are not part of the documented role of the device, this is a finding.

Documentable

False

Severity Override Guidance

Review the documentation and architecture for the device or check the system-installed licenses or services.

Determine what services and functions are installed on the firewall. Compare installed services and functions to the documentation showing the approved services.

If unneeded services and functions are installed on the device but are not part of the documented role of the device, this is a finding.

Check Content Reference

M

Target Key

2912
