Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000019-FW-000018 | SRG-NET-000019-FW-000018 | SRG-NET-000019-FW-000018_rule | Medium |
Description |
---|
Information flow controls are mechanisms which regulates where information is allowed to travel between interconnected systems. This control applies to the flow of information between the firewall and other network devices. Information flow varies based on the specific implementation of the firewall. The flow of all traffic to and from the firewall implementation must be monitored and controlled so this information does not introduce any unacceptable risk to the network or the firewall. Example: An IPS sensor may detect an event and update the network firewall ACL. |
STIG | Date |
---|---|
Firewall Security Requirements Guide | 2012-12-10 |
Check Text ( C-SRG-NET-000019-FW-000018_chk ) |
---|
View each firewall's configuration. Verify communication between the firewall and other network elements are configured to allow only explicitly authorized devices to access, monitor, or modify the firewall. If the firewall is not configured to enforce approved authorizations for controlling the flow of information between interconnected systems in accordance with applicable policy, this is a finding. |
Fix Text (F-SRG-NET-000019-FW-000018_fix) |
---|
Remove configuration information for unauthorized network devices from the communication functionality of the firewall. Explicitly configure authorized devices in the communication functionality of the firewall. |