Finding ID | Version | Rule ID | IA Controls | Severity
---|---|---|---|---
SRG-NET-000274-FW-000161 | SRG-NET-000274-FW-000161 | SRG-NET-000274-FW-000161_rule | | Low
Description |
---|
Predictable failure prevention requires organizational planning to address system failure issues. If components key to maintaining the system's security fail to function, the system could continue operating in an insecure state. If appropriate actions are not taken when a firewall failure occurs, a DoS condition may occur, which could result in mission failure, since the network would be operating without a critical security monitoring and prevention function. Upon detecting a failure of firewall security components, the firewall implementation must activate a system alert message, send an alarm, or shut down. |
STIG | Date |
---|---|
Firewall Security Requirements Guide | 2012-12-10 |
Check Text ( C-SRG-NET-000274-FW-000161_chk ) |
---|
Verify the system is configured to automatically send an administrator an alert when the firewall is unexpectedly taken offline or fails. A keep-alive signal or monitoring functionality should be used to detect such failures from a central management tool. If the firewall (or other network device) does not activate an organizationally defined alarm when a firewall system component failure is detected, this is a finding. |
Fix Text (F-SRG-NET-000274-FW-000161_fix) |
---|
Configure the firewall implementation (or other network device such as the log aggregation server) to activate an organizationally defined alarm when a firewall system component failure is detected. |
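The check text calls for a keep-alive signal or monitoring function that lets a central management tool detect a firewall component going silent, and the fix text for an organizationally defined alarm when that happens. The following is an added illustration of that control, not part of the SRG and not vendor code: a small heartbeat monitor that tracks the last keep-alive seen from each registered firewall component, raises an alarm once per outage when a component exceeds its allowed missed heartbeats, and clears the alarm when the component reports again. The component names, the heartbeat line format, the 30-second interval and the two-missed-heartbeats threshold are all assumptions chosen for the example; a real deployment would take them from the organization's monitoring policy.

```python
"""Heartbeat (keep-alive) monitor for firewall security components.

Each registered component must report a heartbeat within its expected interval.
When a component's last heartbeat is older than the allowed number of missed
intervals, the monitor raises an alarm exactly once per outage and clears it
when the component reports again. Component names, the log line format and
the thresholds below are hypothetical values for this example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional
import logging

logging.basicConfig(level=logging.WARNING, format="%(levelname)s %(message)s")
log = logging.getLogger("fw-heartbeat")


def parse_ts(text: str) -> datetime:
    """Parse a UTC timestamp such as 2024-01-01T10:00:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


@dataclass
class Component:
    name: str
    interval: timedelta                 # expected time between heartbeats
    missed_allowed: int = 2             # heartbeats that may be missed before alarming
    last_seen: Optional[datetime] = None
    alarmed: bool = False

    def deadline(self, baseline: datetime) -> datetime:
        """Latest acceptable time for the next heartbeat.

        A component that has never reported is measured from `baseline`
        (monitor start), so a component that is silent from the outset
        is detected too, not only one that stops after reporting.
        """
        start = self.last_seen or baseline
        return start + self.interval * (self.missed_allowed + 1)


@dataclass
class HeartbeatMonitor:
    started_at: datetime
    components: dict = field(default_factory=dict)

    def register(self, comp: Component) -> None:
        self.components[comp.name] = comp

    def record(self, line: str) -> Optional[dict]:
        """Ingest one heartbeat line; return a recovery event if it clears an alarm."""
        ts_text, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields if "=" in f)
        comp = self.components.get(kv.get("component", ""))
        if comp is None or kv.get("status") != "ok":
            return None  # unknown component or non-ok status: not a valid keep-alive
        comp.last_seen = parse_ts(ts_text)
        if comp.alarmed:
            comp.alarmed = False
            log.warning("RECOVERED %s reported again at %s", comp.name, ts_text)
            return {"event": "recovered", "component": comp.name, "at": comp.last_seen}
        return None

    def check(self, now: datetime) -> list:
        """Return new alarms for components whose heartbeat is overdue at `now`."""
        alarms = []
        for comp in self.components.values():
            if comp.alarmed or now <= comp.deadline(self.started_at):
                continue  # already alarmed for this outage, or still within tolerance
            comp.alarmed = True
            silent_for = now - (comp.last_seen or self.started_at)
            log.error("ALARM %s silent for %ss (last seen: %s)",
                      comp.name, int(silent_for.total_seconds()), comp.last_seen)
            alarms.append({"event": "alarm", "component": comp.name,
                           "silent_for": silent_for, "last_seen": comp.last_seen})
        return alarms


# Constructed heartbeat stream: fw-core-01 keeps reporting, fw-ips-engine stops
# after its first heartbeat, and fw-logger never reports at all.
HEARTBEATS = """\
2024-01-01T10:00:00Z component=fw-core-01 status=ok
2024-01-01T10:00:00Z component=fw-ips-engine status=ok
2024-01-01T10:00:30Z component=fw-core-01 status=ok
2024-01-01T10:01:00Z component=fw-core-01 status=ok
"""


def run_example(now_text: str = "2024-01-01T10:01:35Z") -> list:
    """Feed the constructed stream and evaluate at `now_text`; return raised alarms."""
    mon = HeartbeatMonitor(started_at=parse_ts("2024-01-01T10:00:00Z"))
    for name in ("fw-core-01", "fw-ips-engine", "fw-logger"):
        mon.register(Component(name, interval=timedelta(seconds=30)))
    for line in HEARTBEATS.splitlines():
        mon.record(line)
    return mon.check(parse_ts(now_text))


if __name__ == "__main__":
    for alarm in run_example():
        print(alarm["event"], alarm["component"], int(alarm["silent_for"].total_seconds()))
```

With a 30-second interval and two missed heartbeats tolerated, a component is overdue once 90 seconds pass without a keep-alive. At 10:01:35 the monitor alarms on fw-ips-engine (silent since 10:00:00) and on fw-logger (never reported), while fw-core-01, last seen at 10:01:00, stays within tolerance. The `alarmed` flag keeps a single outage from flooding the alert channel, and the recovery event gives the administrator a matching "cleared" record; in a real deployment the log calls would be replaced by whatever alert transport the organization has defined.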