The firewall implementation must uniquely identify source domains for information transfer.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000024-FW-000023 | SRG-NET-000024-FW-000023 | SRG-NET-000024-FW-000023_rule | Medium |
| Description |
|---|
| Identifying source and destination addresses for information flows within the network allows forensic reconstruction of events when required, and increases policy compliance by attributing policy violations to specific individuals. Means to enforce this enhancement include ensuring the network element distinguishes between information systems and organizations, and between specific system components or individuals involved in sending and receiving information. Examples of information transfer for the firewall is communications with the router, IPS, or central logging server. Without unique identifiers, the audit records of these information transfers would not be useful when tracking possible violations. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2012-12-10 |
Details
| Check Text ( C-SRG-NET-000024-FW-000023_chk ) |
|---|
| Verify the firewall uses a unique identifier (e.g., IP address) for source domain to track and log information transfer sessions between the firewall and other network elements. View log entries to verify the information tracked includes a unique identifier for network elements involved in information transfer. If a unique identifier for each component is not logged for information transfer sessions, this is a finding. |
| Fix Text (F-SRG-NET-000024-FW-000023_fix) |
|---|
| Configure the firewall implementation to log information transfer events. Configure the system, so each event record contains a unique identifier for component identification and session. |