
The firewall implementation must enforce organizationally defined one-way traffic flows.


Overview

Finding ID: SRG-NET-000032-FW-000028
Version: SRG-NET-000032-FW-000028
Rule ID: SRG-NET-000032-FW-000028_rule
IA Controls:
Severity: Medium
Description
The flow of all network traffic must be controlled so that it does not introduce any unacceptable risk to the network infrastructure or data. Information flow control regulates where information is allowed to travel within a network and between interconnected networks. This control requires the organization to implement hardware mechanisms, such as the firewall, to enforce one-way traffic flows.
STIG: Firewall Security Requirements Guide
Date: 2012-12-10

Details

Check Text (C-SRG-NET-000032-FW-000028_chk)
If the site does not require one-way traffic enforcement, this is not applicable.
Verify ACLs or policy filters exist to monitor network traffic for violations of one-way traffic flow restrictions.
Verify the unauthorized traffic is dropped.

If a rule or security policy which enforces one-way traffic does not exist, this is a finding.
Fix Text (F-SRG-NET-000032-FW-000028_fix)
Configure the firewall implementation ACLs or security policy to block traffic flowing in unauthorized directions on the controlled network segment.
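
One way to automate the check text over an exported rule list, as an added example that is not part of the SRG. The rule tuple format, the addresses, and the name audit_one_way are assumptions, and rules are assumed to be evaluated in order with the first match winning.

```python
from ipaddress import ip_network


def audit_one_way(rules, allowed_src, allowed_dst):
    """Audit an ordered, first-match rule list for one-way flow enforcement.

    rules: list of (action, src_cidr, dst_cidr), action is 'permit' or 'deny'
           (hypothetical vendor-neutral format, not a real device export).
    Traffic may flow allowed_src -> allowed_dst; the reverse must be dropped.
    Returns (is_finding, reason).
    """
    rev_src, rev_dst = ip_network(allowed_dst), ip_network(allowed_src)
    for index, (action, src, dst) in enumerate(rules, start=1):
        src, dst = ip_network(src), ip_network(dst)
        # A permit touching any part of the reverse flow, reached before a
        # covering deny, lets unauthorized traffic through.
        if action == "permit" and src.overlaps(rev_src) and dst.overlaps(rev_dst):
            return True, f"rule {index} permits traffic in the unauthorized direction"
        # A deny covering the whole reverse flow enforces the restriction;
        # later rules are shadowed for that traffic.
        if action == "deny" and rev_src.subnet_of(src) and rev_dst.subnet_of(dst):
            return False, f"rule {index} drops all traffic in the unauthorized direction"
    return True, "no rule enforces the one-way flow"


# Constructed sample data: 10.10.0.0/24 may send to 192.0.2.0/24, never the reverse.
FLOW = ("10.10.0.0/24", "192.0.2.0/24")

COMPLIANT = [
    ("permit", "10.10.0.0/24", "192.0.2.0/24"),
    ("deny", "192.0.2.0/24", "10.10.0.0/24"),
    ("deny", "0.0.0.0/0", "0.0.0.0/0"),
]
LEAKY = [  # a narrow exception placed ahead of the deny
    ("permit", "10.10.0.0/24", "192.0.2.0/24"),
    ("permit", "192.0.2.16/28", "10.10.0.5/32"),
    ("deny", "192.0.2.0/24", "10.10.0.0/24"),
]
MISSING = [("permit", "10.10.0.0/24", "192.0.2.0/24")]

if __name__ == "__main__":
    for name, rules in (("COMPLIANT", COMPLIANT), ("LEAKY", LEAKY), ("MISSING", MISSING)):
        finding, reason = audit_one_way(rules, *FLOW)
        print(f"{name}: {'FINDING' if finding else 'not a finding'} ({reason})")
```

The audit treats a missing explicit deny as a finding, matching the check text's requirement that an enforcing rule exist.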