The network element must invoke a system shutdown in the event of a log failure, unless an alternative audit capability exists.


Overview

Finding ID: SRG-NET-000171-FW-NA
Version: SRG-NET-000171-FW-NA
Rule ID: SRG-NET-000171-FW-NA_rule
IA Controls: (none listed)
Severity: Low
Description
It is critical that when a network device is at risk of failing to process audit logs as required, action is taken to mitigate the failure. If the device were to continue processing without auditing capabilities, the firewall or the network could be compromised with no logged information available for incident traceback. Some firewall attacks try to generate specific traffic to fill up the logs, so sudden saturation of the log may be an indication of a network attack. However, shutting down the firewall, the network's first line of protection against attack, because of a log failure is not a good practice. A sudden system shutdown must generate a real-time alert; however, that requirement is covered by another control.
STIG: Firewall Security Requirements Guide
Date: 2012-12-10

Details

Check Text (C-SRG-NET-000171-FW-NA_chk)
This requirement is NA for firewall. No fix required.
Fix Text (F-SRG-NET-000171-FW-NA_fix)
This requirement is NA for firewall. No fix required.