
The firewall implementation must provide a warning when the application event logging storage capacity reaches an organizationally defined maximum capacity.


Overview

Finding ID: SRG-NET-999999-FW-000197
Version: SRG-NET-999999-FW-000197
Rule ID: SRG-NET-999999-FW-000197_rule
IA Controls:
Severity: Low
Description
It is imperative that the firewall implementation be configured to allocate storage capacity for event log records and to generate an alert when that capacity reaches an organizationally defined threshold. Without this capability, the site could lose valuable data needed for investigating security incidents.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text (C-SRG-NET-999999-FW-000197_chk)
Identify how the firewall is configured for this notification. Verify the message is displayed at the remote console if an administrator is already logged in, or when an administrator logs in. Verify the device is capable of generating the alarm or alert and notification as described.

If the firewall implementation does not provide a warning when the logging storage capacity reaches an organizationally defined percentage of maximum capacity, this is a finding.
Fix Text (F-SRG-NET-999999-FW-000197_fix)
Configure the firewall implementation to alert when the event log reaches an organizationally defined capacity.