
The firewall implementation must enforce security policies regarding information on interconnected systems.


Overview

Finding ID: SRG-NET-000023-FW-000022
Version: SRG-NET-000023-FW-000022
Rule ID: SRG-NET-000023-FW-000022_rule
IA Controls:
Severity: Medium
Description
Transferring information between interconnected information systems of differing security policies introduces the risk of the transfers violating one or more policies. It is imperative that policy guidance from information owners be implemented at the policy enforcement point between the interconnected systems. If the firewall is configured to update other network devices (e.g., firewall ACL) and the update process violates the access control policy of the updated device, this is an issue which must be resolved. However, the firewall implementation must also be configured to monitor and enforce the security policies between other interconnected systems.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text (C-SRG-NET-000023-FW-000022_chk)
Inspect the ACLs or policy filters configured to monitor, block, and/or redirect network traffic based on detected events between interconnected systems.
Verify the firewall is configured to enforce the security policies between interconnected systems.

If the firewall is not configured to enforce security policies regarding information on interconnected systems, this is a finding.
Fix Text (F-SRG-NET-000023-FW-000022_fix)
Configure the firewall implementation and other devices with which it interconnects so the security policy on all devices is not bypassed. Configure the firewall implementation to enforce security policies regarding information on interconnected systems.