Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The firewall implementation must detect unauthorized changes to software and information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000271-FW-000158 | SRG-NET-000271-FW-000158 | SRG-NET-000271-FW-000158_rule | Medium |
| Description |
|---|
| The firewall implementation must employ integrity verification tools to detect unauthorized changes to software and firmware are used on the firewall. Anomalous behavior and unauthorized changes must be detected before the firewall is breached or no longer in service. This requirement is usually fulfilled by installing a host-based integrity tool (e.g., HIDS) at the OS level on each device. The integrity software monitors and detects unauthorized changes to the firewall application and the OS. However, since many network appliances are unable to run integrity software, other solutions such as periodic scanning or integrity-checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications are also acceptable. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2012-12-10 |
Details
| Check Text ( C-SRG-NET-000271-FW-000158_chk ) |
|---|
| If a HIDS is installed at the OS level of the firewall, this is not applicable. Verify integrity verification tools to detect unauthorized changes to software and firmware are used to monitor the firewall application. If the firewall implementation does not detect unauthorized changes to software and information, this is a finding. |
| Fix Text (F-SRG-NET-000271-FW-000158_fix) |
|---|
| Configure the firewall implementation to detect unauthorized changes to software and information. |