The firewall implementation must protect the integrity of transmitted information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000207-FW-000131	SRG-NET-000207-FW-000131	SRG-NET-000207-FW-000131_rule		Medium

Description
Integrity protection mechanisms must be used to facilitate the detection of changes made to transmitted information unless the transmission is otherwise protected by alternative physical measures. If connectivity is provided by a commercial service provider rather than a dedicated service, obtaining the necessary assurances regarding the implementation of needed security controls for transmission integrity may not be possible. Without integrity controls, information traveling over commercial networks could be altered or compromised without detection. Therefore, these controls must be obtained from the service provider using appropriate contracting vehicles. If this is not feasible, then the organization will implement physical or logical compensating security controls.

Description

Integrity protection mechanisms must be used to facilitate the detection of changes made to transmitted information unless the transmission is otherwise protected by alternative physical measures. If connectivity is provided by a commercial service provider rather than a dedicated service, obtaining the necessary assurances regarding the implementation of needed security controls for transmission integrity may not be possible. Without integrity controls, information traveling over commercial networks could be altered or compromised without detection. Therefore, these controls must be obtained from the service provider using appropriate contracting vehicles. If this is not feasible, then the organization will implement physical or logical compensating security controls.

STIG	Date
Firewall Security Requirements Guide	2012-12-10

Details

Check Text ( C-SRG-NET-000207-FW-000131_chk )
This control does not apply if the information is protected by a physical security solution (e.g., Protective Distribution System [PDS] or physical access control) while in transit. Inspect the configuration for each firewall interface. Verify an integrity mechanism is used to check the integrity of transmitted information. If the firewall implementation does not protect the integrity of information transmitted, this is a finding.

Check Text ( C-SRG-NET-000207-FW-000131_chk )

This control does not apply if the information is protected by a physical security solution (e.g., Protective Distribution System [PDS] or physical access control) while in transit.

Inspect the configuration for each firewall interface. Verify an integrity mechanism is used to check the integrity of transmitted information.

If the firewall implementation does not protect the integrity of information transmitted, this is a finding.

Fix Text (F-SRG-NET-000207-FW-000131_fix)
Configure the firewall implementation to protect the integrity of transmitted information.