STIGQter: STIG Summary: Firewall Security Requirements Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The firewall must generate traffic log records when attempts are made to send packets between security zones that are not authorized to communicate.

DISA Rule

SV-206714r604133_rule

Vulnerability Number

V-206714

Group Title

SRG-NET-000493

Rule Version

SRG-NET-000493-FW-000007

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the firewall central audit server stanza to generate traffic log records when attempts are made to send packets between security zones that are not authorized to communicate.

Check Contents

View the configuration of the firewall or the central audit server log records.

Verify the firewall generates traffic log records when attempts are made to send packets between security zones that are not authorized to communicate.

If the firewall does not generate traffic log records when attempts are made to send packets between security zones that are not authorized to communicate, this is a finding.

Documentable

False

Severity Override Guidance

View the configuration of the firewall or the central audit server log records.

Verify the firewall generates traffic log records when attempts are made to send packets between security zones that are not authorized to communicate.

If the firewall does not generate traffic log records when attempts are made to send packets between security zones that are not authorized to communicate, this is a finding.

Check Content Reference

M

Target Key

2912
