The firewall implementation must initiate session audits at system start-up.


Overview

Finding ID: SRG-NET-000310-FW-000171
Version: SRG-NET-000310-FW-000171
Rule ID: SRG-NET-000310-FW-000171_rule
IA Controls:
Severity: Medium
Description
Without session-level auditing, IA and IT professionals do not have a complete, detailed picture of what is transpiring on their systems. Without the session-level auditing capability, it is difficult to determine when a specific action was taken on the system, to perform forensic analysis if there is an attack, or to troubleshoot a problem.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text (C-SRG-NET-000310-FW-000171_chk)
Review the firewall configuration to determine if the system is configured to audit sessions upon start-up of the system.
Review the log files of the logging utility on the platform to determine if the auditing is actually taking place.

If session-level auditing is not taking place upon start-up of the firewall, this is a finding.
Fix Text (F-SRG-NET-000310-FW-000171_fix)
Configure the firewall implementation to perform session-level auditing upon start-up.