The firewall implementation must be configured to prohibit or restrict the use of organizationally defined functions, ports, protocols, and/or services.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000132-FW-000081 | SRG-NET-000132-FW-000081 | SRG-NET-000132-FW-000081_rule | Medium |
| Description |
|---|
| A compromised firewall introduces risk to the entire network infrastructure. A fundamental step in securing each firewall is to disable or restrict the use of functions, ports, protocols, and/or services. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2012-12-10 |
Details
| Check Text ( C-SRG-NET-000132-FW-000081_chk ) |
|---|
| View the configuration and vendor documentation of the firewall application to find the minimum functions, ports, protocols, and services which are required for operation of the firewall. Compare enabled functions, ports, protocols, and/or services with the Ports, Protocol, and Service Management (PPSM) requirements. If functions, ports, protocols, and/or services are not disabled or restricted as required by the PPSM, this is a finding. |
| Fix Text (F-SRG-NET-000132-FW-000081_fix) |
|---|
| Disable functions, ports, protocols, and/or services not required for operation of the firewall application. |