UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must backup application log records at an organizationally defined frequency onto a different system or media.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-999999-FW-000203 SRG-NET-999999-FW-000203 SRG-NET-999999-FW-000203_rule Low
Description
Firewall application event logging is a key component of any security architecture. An attack may cause corruption or delete the active events log. Maintaining a backup of the logs will minimize the loss of data needed for incident investigation, forensics analysis, or operational trend analysis.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-999999-FW-000203_chk )
Verify the firewall implementation is included in the site backup plan.
Verify files are periodically backed-up in accordance with an organizationally defined schedule.
Verify the backup job is scheduled to perform automatically without system administrator intervention.
Verify the backup is configured to a different system or off-line media.

If the firewall implementation is not configured to backup log records at an organizationally defined frequency onto a different system or media, this is a finding.
Fix Text (F-SRG-NET-999999-FW-000203_fix)
Configure a backup job to automatically backup the configuration files for all firewalls periodically on a schedule identified by the DAA or designated representative.
Verify the backup is configured to direct the log files to a different system or off-line media.