UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must allow designated organizational personnel to select which auditable events are to be audited by specific components of the system.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000114-FW-000071 SRG-NET-000114-FW-000071 SRG-NET-000114-FW-000071_rule Low
Description
Logging the actions of specific events provides a way to investigate an attack, recognize resource utilization or capacity thresholds, or to identify an improperly configured network element. If administrators do not have granular control of the rule to be applied and logged for later analysis, then malicious attacks may be missed. Configuration of the audit log, particularly the audit events captured must be restricted to access by designated individuals only.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000114-FW-000071_chk )
Obtain a list of organizationally defined events which should be logged.
Verify this list of events is configured for logging by viewing the firewall event alert functionality.

If the firewall implementation does not allow administrators to select which auditable events are logged, this is a finding.
Fix Text (F-SRG-NET-000114-FW-000071_fix)
Configure the firewall implementation settings to allow authorized personnel to select which auditable events are audited.