UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must uniquely identify destination domains for information transfer.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000026-FW-000024 SRG-NET-000026-FW-000024 SRG-NET-000026-FW-000024_rule Medium
Description
Identifying source and destination domain addresses for information flows within the network allows forensic reconstruction of events when required, and increases policy compliance by attributing policy violations to specific individuals. Means to enforce this enhancement include ensuring the firewall distinguishes between information systems and organizations, and between specific system components or individuals involved in sending and receiving information. Examples of information transfer for the firewall is communications with the router, IPS, or central logging server. Without unique identifiers, the audit records of these information transfers would not be useful when tracking possible violations.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000026-FW-000024_chk )
Verify the firewall uses a unique identifier for the destination domain (e.g., IP address) of information transfer sessions.
View log entries to verify the information tracked include destination domain information for network elements involved in information transfer.

If the unique identifier for the destination domain is not logged for information transfer sessions, this is a finding.
Fix Text (F-SRG-NET-000026-FW-000024_fix)
Configure the firewall implementation to log information transfer events. Configure the event entry to include destination domain unique identifier (e.g., IP address).