The firewall implementation must backup application log records at an organizationally defined frequency onto a different system or media.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-999999-FW-000203 | SRG-NET-999999-FW-000203 | SRG-NET-999999-FW-000203_rule | Low |
| Description |
|---|
| Firewall application event logging is a key component of any security architecture. An attack may cause corruption or delete the active events log. Maintaining a backup of the logs will minimize the loss of data needed for incident investigation, forensics analysis, or operational trend analysis. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2012-12-10 |
Details
| Check Text ( C-SRG-NET-999999-FW-000203_chk ) |
|---|
| Verify the firewall implementation is included in the site backup plan. Verify files are periodically backed-up in accordance with an organizationally defined schedule. Verify the backup job is scheduled to perform automatically without system administrator intervention. Verify the backup is configured to a different system or off-line media. If the firewall implementation is not configured to backup log records at an organizationally defined frequency onto a different system or media, this is a finding. |
| Fix Text (F-SRG-NET-999999-FW-000203_fix) |
|---|
| Configure a backup job to automatically backup the configuration files for all firewalls periodically on a schedule identified by the DAA or designated representative. Verify the backup is configured to direct the log files to a different system or off-line media. |