The firewall implementation must implement an isolation boundary to minimize the number of non-security functions included within the boundary containing security functions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000187-FW-000114 | SRG-NET-000187-FW-000114 | SRG-NET-000187-FW-000114_rule | Medium |
| Description |
|---|
| The firewall implementation must be designed and configured to minimize the number of non-security functions included within the boundary containing security functions. An isolation boundary, implemented via partitions and domains, must be used to minimize the mixture of these functions, thus minimizing the risk of leakage or corruption of privileged information. This control is normally a function of the firewall application design and is usually not a configurable setting; however, in some applications, there may be settings that must be configured to optimize function isolation. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2012-12-10 |
Details
| Check Text ( C-SRG-NET-000187-FW-000114_chk ) |
|---|
| Verify the application is designed to separate security functions from non-security functions (e.g., use of separate address space) for executing processes. If an isolation boundary which minimizes the number of non-security functions included within the boundary containing security functions is not implemented, this is a finding. |
| Fix Text (F-SRG-NET-000187-FW-000114_fix) |
|---|
| Enable administrator configurable settings, if any, to create an isolation boundary which separates non-security functions from security functions within the firewall application. |