The network element must notify the user of organizationally defined security related changes to the user's account occurring during the organizationally defined time period.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000052-FW-NA	SRG-NET-000052-FW-NA	SRG-NET-000052-FW-NA_rule		Low

Description
Providing users with information regarding organizationally defined security related changes to the user's account occurring during the organizationally defined time period, allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. Changes to the user account during a specific time period could be an indication of the account being compromised. Hence, without notification to the user, the compromise could go undetected if other controls were not in place to mitigate this risk. Implementation of this requirement does not add significantly to the security posture of the firewall implementation, thus this is not a required control.

Description

Providing users with information regarding organizationally defined security related changes to the user's account occurring during the organizationally defined time period, allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. Changes to the user account during a specific time period could be an indication of the account being compromised. Hence, without notification to the user, the compromise could go undetected if other controls were not in place to mitigate this risk. Implementation of this requirement does not add significantly to the security posture of the firewall implementation, thus this is not a required control.

STIG	Date
Firewall Security Requirements Guide	2012-12-10

Details

Check Text ( C-SRG-NET-000052-FW-NA_chk )
This requirement is NA for firewall. No fix required.

Fix Text (F-SRG-NET-000052-FW-NA_fix)
This requirement is NA for firewall. No fix required.