
The firewall implementation must capture and log organizationally defined additional information (identified by type, location, or subject) to the records for firewall application events.


Overview

Finding ID: SRG-NET-999999-FW-000194
Version: SRG-NET-999999-FW-000194
Rule ID: SRG-NET-999999-FW-000194_rule
IA Controls:
Severity: Low
Description
Firewall application logs must be configured to capture all organizationally defined information deemed necessary for possible event investigation and traceability. This additional information may include timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications, file names involved, and access control or flow control rules invoked. This capability is critical for accurate forensic analysis.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text (C-SRG-NET-999999-FW-000194_chk)
Verify the log view settings can be reorganized to view the log entries by type, location, or subject.
Verify the application logs categorize each logged event by, at a minimum, event type, location, and a description of the event.

If the firewall implementation's application log entries do not include, at a minimum, the event type, location, and a description of the event for each event captured, this is a finding.
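The check above can be run mechanically against an exported application log. The script below is an added example, not part of the SRG: it assumes a hypothetical key=value export format with the field names type, location and description, and the sample lines are constructed. It flags every record that lacks one of the three minimum fields and regroups the complete records by event type.

```python
import shlex
from collections import defaultdict

# Minimum fields the check text requires on every logged event.
# The key names are assumptions; map them to your product's field names.
REQUIRED = ("type", "location", "description")

# Constructed sample lines in a hypothetical key=value format.
SAMPLE_LOG = '''\
time=2012-12-10T08:15:02Z type=policy-change location=fw-edge-01 user=admin result=success description="Rule 42 modified"
time=2012-12-10T08:16:40Z type=auth location=fw-edge-01 user=jdoe result=fail description="Admin login rejected"
time=2012-12-10T08:17:11Z type=service location=fw-core-02 description=""
time=2012-12-10T08:18:55Z location=fw-core-02 result=success description="Config saved"
'''

def parse_line(line):
    """Split one key=value record into a dict; quoted values may contain spaces."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value.strip()
    return fields

def audit(log_text):
    """Return (findings, by_type): records missing a required field, and the
    complete records regrouped by event type."""
    findings, by_type = [], defaultdict(list)
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        rec = parse_line(line)
        # An absent key and an empty value both count as missing.
        missing = [f for f in REQUIRED if not rec.get(f)]
        if missing:
            findings.append((lineno, missing))
        else:
            by_type[rec["type"]].append(rec)
    return findings, dict(by_type)

if __name__ == "__main__":
    findings, by_type = audit(SAMPLE_LOG)
    for lineno, missing in findings:
        print(f"line {lineno}: finding, missing {', '.join(missing)}")
    for etype, recs in sorted(by_type.items()):
        print(etype, [r["location"] for r in recs])
```

Any non-empty findings list corresponds to the "this is a finding" condition; the regrouping step stands in for the log view being reorganized by type.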
Fix Text (F-SRG-NET-999999-FW-000194_fix)
Configure the firewall implementation and central management server to categorize each alert. Alerts will include event type, location, and a description of the event.