Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Cisco ASA must immediately use updates made to policy enforcement mechanisms such as firewall rules, security policies, and security zones.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239853 | CASA-FW-000020 | SV-239853r665845_rule | Medium |
| Description |
|---|
| Information flow policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changes to the Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list, vulnerability assessments, or mission conditions. Changing conditions include changes in the threat environment and detection of potentially harmful or adverse events. |
| STIG | Date |
|---|---|
| Cisco ASA Firewall Security Technical Implementation Guide | 2024-06-06 |
Details
| Check Text ( C-43086r665843_chk ) |
|---|
| By default, when you change a rule-based policy such as access rules, the changes become effective immediately. With transactional model configured, the rules are not active until after compilation. Review the ASA configuration and verify that the following command is not configured. asp rule-engine transactional-commit access-group If transactional-commit access-group has been configured, this is a finding. |
| Fix Text (F-43045r665844_fix) |
|---|
| Remove the command asp rule-engine transactional-commit access-group ASA(config)# no asp rule-engine transactional-commit access-group |