UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must protect the integrity and availability of publicly available information and applications.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000224-FW-000139 SRG-NET-000224-FW-000139 SRG-NET-000224-FW-000139_rule Medium
Description
Public-facing servers enable access to information by clients outside of the enclave. These servers are subject to greater exposure to attacks. It is imperative that the integrity of the data is maintained to ensure the enclave does not provide false or erroneous information. The firewall implementation must provide the necessary protection to ensure availability and integrity of the data and to reduce or eliminate DoS attacks directed against the servers on the public-facing segment. A firewall implementation must be installed to monitor the publicly available segment (e.g., public DMZ).
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000224-FW-000139_chk )
Examine the architecture diagrams and firewall configuration.
Verify a firewall is installed and configured to monitor and protect the public DMZ.

If a firewall is not installed to protect the public DMZ subnet, this is a finding.
Fix Text (F-SRG-NET-000224-FW-000139_fix)
Install and configure a firewall to monitor the public DMZ subnet.