UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must use cryptographic mechanisms to protect the integrity of audit log information.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000106-FW-000067 SRG-NET-000106-FW-000067 SRG-NET-000106-FW-000067_rule Medium
Description
Without the use of mechanisms, such as a signed hash using asymmetric cryptography, the integrity of the collected audit data is not fully protected. The application level audit trail log stores auditing results of enforcement actions based on the access control restrictions and other security policy for the firewall itself. This control requires the configuration of a cryptographic module with strong integrity protection. Integrity protection is provided by the hashing algorithm used by the cryptographic module. Use of FIPS-validated or NSA-approved cryptography as required by CCI- 001144 will ensure compliance. Encryption of active log files (collection) is not a common capability, especially on systems that generate large volumes of events such as a firewall. This requirement is only applicable if cryptography is required by the data owner or organizational policy.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000106-FW-000067_chk )
Examine the cryptographic module used for storing and transmitting event audit logs.
Verify the cryptographic module is configured to use an asymmetric hashing algorithm which uses asymmetric cryptography (e.g., SHA-2 or MD5).

If audit logs are not configured to use hashing algorithms which use asymmetric cryptography, this is a finding.
Fix Text (F-SRG-NET-000106-FW-000067_fix)
Configure audit logs to use hashing algorithms which use asymmetric cryptography in storage and during transmission.