STIGQter: STIG Summary: Firewall Security Requirements Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

If communication with the central audit server is lost, the firewall must generate a real-time alert to, at a minimum, the SCA and ISSO.

DISA Rule

SV-206700r604133_rule

Vulnerability Number

V-206700

Group Title

SRG-NET-000335

Rule Version

SRG-NET-000335-FW-000017

Severity

CAT II

CCI(s)

CCI-001858 - The information system provides a real-time alert in an organization-defined real-time period to organization-defined personnel, roles, and/or locations when organization-defined audit failure events requiring real-time alerts occur.

Weight

Fix Recommendation

Configure the firewall (or another network device) to send an alert via instant message, email, or another authorized method to the SCA, ISSO, and other identified personnel for any log failure event where the filtering functions are unable to write events to the central audit server.

Check Contents

If a network device such as the events, network management, or SNMP server is configured to send an alert when communication is lost with the central audit server, this is not a finding.

Verify the firewall is configured to send an alert via instant message, email, SNMP, or another authorized method to the SCA, ISSO, and other identified personnel when communication is lost with the central audit server.

If the firewall is not configured to send an immediate alert via an approved method when communication is lost with the central audit server, this is a finding.

If communication with the central audit server is lost, the firewall must generate a real-time alert to, at a minimum, the SCA and ISSO.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments