
The firewall implementation must disable use of organizationally defined networking protocols (on the firewall) deemed nonsecure, except for explicitly identified components in support of specific operational requirements.


Overview

Finding ID: SRG-NET-000067-FW-000049
Version: SRG-NET-000067-FW-000049
Rule ID: SRG-NET-000067-FW-000049_rule
IA Controls:
Severity: Medium
Description
Some networking protocols that allow remote access may not meet the security requirements to protect data and components. The organization can either make a determination as to the relative security of the networking protocol or base the security decision on the assessment of other entities. Unsecure protocols must be turned off at the device level or the firewall may be using these protocols. These protocols are often enabled by default; therefore, the system administrator must use an explicit command to disable the disallowed protocols.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text (C-SRG-NET-000067-FW-000049_chk)
Verify networking protocols which are not allowed in accordance with organizationally defined policies are disabled.

If networking protocols, which are not allowed in accordance with organizationally defined policies, are not disabled, this is a finding.

Fix Text (F-SRG-NET-000067-FW-000049_fix)
In the device configuration, disable protocols which are disallowed based on organizationally defined policy.