
The firewall implementation must generate application log records for success or failure of firewall rules as determined by the organization to be relevant to the security of the network infrastructure.


Overview

Finding ID: SRG-NET-999999-FW-000186
Version: SRG-NET-999999-FW-000186
Rule ID: SRG-NET-999999-FW-000186_rule
IA Controls:
Severity: Medium
Description
As the firewall rules are applied on each firewall, event log entries are entered into the firewall application log. Firewall events are usually stored on each device and periodically transferred to a central database or the network logging server. Centrally logging the security events provides a central location to store, view, analyze, and produce detailed reports on alerts. Organizations must define a firewall security policy and firewall rules which support this policy. Success or failure of the firewall rules must be logged in the application log. The organization must define which rules are to be logged or sent in an alert.
STIG: Firewall Security Requirements Guide
Date: 2012-12-10

Details

Check Text ( C-SRG-NET-999999-FW-000186_chk )
Obtain a list of organizationally defined events which must be logged upon detection by the firewall.
Navigate to the management functionality for the firewall implementation log. Search for a sampling of these events in the firewall application log.

If the firewall implementation log records do not show records for success or failure of firewall rules, as determined by the organization to be relevant to the security of the network infrastructure, this is a finding.
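The check above is a manual procedure; the following script is an added example (not part of the SRG or of any vendor's tooling) of how an assessor could automate it over an exported firewall application log. It assumes a simple syslog-style record layout with "rule=<id>" and "action=<permit|deny>" fields, which is a constructed format for illustration; real firewalls use vendor-specific layouts, so parse_log_line() would need adapting. The sample log lines and the list of organizationally defined rules are likewise constructed. A required rule with no records in the sample is reported as a finding under this requirement.

```python
"""
Added example: verify that a sampling of organizationally defined firewall
rules produces records in the firewall application log, and report which
outcomes (permit/deny) were observed for each rule.

Assumed log format (not from the page): syslog-style lines containing
"rule=<id>" and "action=<permit|deny>". Adapt LINE_RE for a real firewall.
"""
import re
from collections import defaultdict

# Constructed sample log lines for illustration; not real firewall output.
SAMPLE_LOG = """\
Dec 10 08:01:12 fw1 fwlog: rule=ALLOW-DNS action=permit src=10.1.1.5 dst=10.1.1.53 proto=udp dport=53
Dec 10 08:01:13 fw1 fwlog: rule=ALLOW-DNS action=deny src=10.1.1.5 dst=192.0.2.9 proto=udp dport=53
Dec 10 08:02:44 fw1 fwlog: rule=DENY-TELNET action=deny src=10.1.1.7 dst=10.1.2.4 proto=tcp dport=23
Dec 10 08:03:01 fw1 fwlog: rule=ALLOW-HTTPS action=permit src=10.1.1.8 dst=203.0.113.10 proto=tcp dport=443
Dec 10 08:03:02 fw1 fwlog: malformed line without the expected fields
"""

# Constructed list of organizationally defined rules that must be logged.
REQUIRED_RULES = ["ALLOW-DNS", "DENY-TELNET", "ALLOW-HTTPS", "DENY-SMB"]

# Matches the assumed "rule=<id> action=<permit|deny>" fields.
LINE_RE = re.compile(r"rule=(?P<rule>\S+)\s+action=(?P<action>permit|deny)")


def parse_log_line(line):
    """Return (rule, action) for a log record, or None if the fields are absent."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("rule"), m.group("action")


def summarize_actions(log_text):
    """Map each rule id seen in the log to the set of actions observed for it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_log_line(line)
        if parsed:
            rule, action = parsed
            seen[rule].add(action)
    return seen


def check_logging(log_text, required_rules):
    """Return {rule: sorted list of actions observed} for each required rule.

    An empty list means the rule produced no records in the sample, which is
    a finding under this requirement.
    """
    seen = summarize_actions(log_text)
    return {rule: sorted(seen.get(rule, set())) for rule in required_rules}


def missing_rules(results):
    """List the required rules with no log records at all."""
    return [rule for rule, actions in results.items() if not actions]


if __name__ == "__main__":
    results = check_logging(SAMPLE_LOG, REQUIRED_RULES)
    for rule, actions in results.items():
        print(f"{rule:15s} {', '.join(actions) if actions else 'NO RECORDS'}")
    missing = missing_rules(results)
    print("FINDING:" if missing else "no finding", ", ".join(missing))
```

In practice the rule list would be loaded from the organization's documented logging policy and the log text pulled from the central logging server rather than embedded, but the comparison logic is the same: every rule the organization has designated must show up in the sampled records.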
Fix Text (F-SRG-NET-999999-FW-000186_fix)
Obtain a list of organizationally defined events which must be logged upon detection by the firewall.
Configure the firewall implementation to log the required events.