UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall must not utilize any services or capabilities that are not necessary for the administration of the firewall.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3054 NET0377 SV-3054r3_rule Medium
Description
The risk of an attack increases with more services enabled on the firewall, since the firewall will listen for these services. If non-firewall services (e.g., DNS servers, e-mail client servers, ftp servers, web servers, etc.) are part of the standard firewall suite and are not necessary for administration of the firewall, they will be uninstalled or disabled.
STIG Date
Firewall Security Technical Implementation Guide 2017-12-07

Details

Check Text ( C-3672r3_chk )
Have the Firewall Administrator display the services running on the firewall appliance or underlying OS. CAVEAT: Anti-virus software running on the firewall's OS would be an exception to the above requirement. It is recommended that anti-virus software be implemented on any non-appliance firewall if supported. However, it is not a finding if anti-virus software has not been implemented.

If services that are not necessary for the administration of the firewall are found to be running on the firewall, this is a finding.
Fix Text (F-3079r2_fix)
The Firewall Administrator will only utilize services related to the operation of the firewall. Any unnecessary services, even if they are part of the firewall standard suite, must be uninstalled or disabled.