
The firewall implementation must use cryptographic mechanisms to protect the integrity of audit log information.


Overview

Finding ID: SRG-NET-000106-FW-000067
Version: SRG-NET-000106-FW-000067
Rule ID: SRG-NET-000106-FW-000067_rule
IA Controls: (none)
Severity: Medium
Description
Without the use of mechanisms such as a signed hash using asymmetric cryptography, the integrity of the collected audit data is not fully protected. The application-level audit trail log stores the results of enforcement actions taken under the access control restrictions and other security policy of the firewall itself. This control requires the configuration of a cryptographic module with strong integrity protection. Integrity protection comes from the hash algorithm used by the cryptographic module together with the signature that binds that hash to a key; an unkeyed hash alone can simply be recomputed by whoever alters the log. Use of FIPS-validated or NSA-approved cryptography, as required by CCI-001144, will ensure compliance. Encryption of active log files (the collection stage) is not a common capability, especially on systems that generate large volumes of events such as a firewall. This requirement is only applicable if cryptography is required by the data owner or organizational policy.
STIG: Firewall Security Requirements Guide
Date: 2012-12-10

Details

Check Text ( C-SRG-NET-000106-FW-000067_chk )
Examine the cryptographic module used for storing and transmitting event audit logs.
Verify the module is configured to protect log integrity with a signed hash: a FIPS-validated hash (e.g., SHA-2) of the log data, signed with an asymmetric private key so that a verifier holding only the public key can detect any modification. MD5 is not FIPS-approved and does not satisfy this requirement, and an unsigned hash by itself does not either, since anyone who can alter the log can recompute it.

If audit logs are not protected by a FIPS-validated hash signed with asymmetric cryptography, this is a finding.
Fix Text (F-SRG-NET-000106-FW-000067_fix)
Configure audit logs to be protected by a FIPS-validated hash signed with asymmetric cryptography, both in storage and during transmission.
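The Description and Fix Text call for a signed hash, but neither shows what that looks like in practice. The following Go program is an added example, not part of the SRG or of any firewall vendor's code: it seals a rotated log segment by hashing it with SHA-256 and signing the digest with a P-256 ECDSA key (a FIPS-approved pairing available in Go's standard library), then shows that verification fails once a record is altered or deleted. The log records, host name and rule numbers are constructed for the example; the function names (NewSigningKey, DigestLog, SealLog, VerifyLog) are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// sampleLog is a constructed firewall audit segment for this example; the
// records are not taken from any real device.
var sampleLog = []string{
	"2012-12-10T10:00:01Z fw1 DENY tcp 203.0.113.5:51234 -> 192.0.2.10:22 rule=12",
	"2012-12-10T10:00:02Z fw1 PERMIT tcp 198.51.100.7:44001 -> 192.0.2.20:443 rule=3",
	"2012-12-10T10:00:03Z fw1 AUDIT admin-login user=fwadmin src=192.0.2.200 result=success",
}

// NewSigningKey generates a P-256 ECDSA key pair. P-256 with SHA-256 is a
// FIPS-approved combination; in production the private key would be generated
// and held inside the validated module (HSM or FIPS-mode library), not here.
func NewSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// DigestLog returns the SHA-256 digest of a log segment. Records are joined
// with newlines so the digest is bound to record order and boundaries.
func DigestLog(records []string) []byte {
	sum := sha256.Sum256([]byte(strings.Join(records, "\n") + "\n"))
	return sum[:]
}

// SealLog signs the segment digest with the private key (ASN.1 DER signature).
// This is the "signed hash using asymmetric cryptography" the SRG asks for:
// the signing key is held by the collector/archive, so a party that can
// rewrite the log cannot also produce a fresh valid signature.
func SealLog(priv *ecdsa.PrivateKey, records []string) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, DigestLog(records))
}

// VerifyLog recomputes the digest and checks the signature with the public
// key. Any edit, reordering, insertion or deletion makes it return false.
func VerifyLog(pub *ecdsa.PublicKey, records []string, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, DigestLog(records), sig)
}

func main() {
	priv, err := NewSigningKey()
	if err != nil {
		panic(err)
	}
	sig, err := SealLog(priv, sampleLog)
	if err != nil {
		panic(err)
	}
	fmt.Printf("digest=%s\n", hex.EncodeToString(DigestLog(sampleLog)))
	fmt.Println("original verifies:", VerifyLog(&priv.PublicKey, sampleLog, sig))

	// Tampering: someone who reached the archive turns a DENY into a PERMIT.
	tampered := append([]string(nil), sampleLog...)
	tampered[0] = strings.Replace(tampered[0], "DENY", "PERMIT", 1)
	fmt.Println("tampered verifies:", VerifyLog(&priv.PublicKey, tampered, sig))

	// Deleting the admin-login record is detected as well.
	fmt.Println("truncated verifies:", VerifyLog(&priv.PublicKey, sampleLog[:2], sig))
}
```

In a deployment the collector would seal each segment at rotation time, store the signature beside the segment, and re-verify with the public key during review or forensic collection; the same signed digest can be carried in the transfer to the archive to cover the "during transmission" part of the Fix Text. A plain hash stored next to the log, with no key involved, would not meet the check above, because an attacker who can edit the segment can recompute it.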