V-37052 | High | The firewall implementation must enforce approved authorizations for controlling the flow of information between interconnected systems in accordance with applicable policy. | Information flow controls are mechanisms which regulate where information is allowed to travel between interconnected systems. This control applies to the flow of information between the firewall... |
V-37221 | High | The firewall implementation must protect against or limit the effects of denial of service attacks. | This control requires denial of service protection for the firewall application. A denial of service attack against the firewall can leave the network without a vital security protection, leaving... |
V-37435 | High | The firewall implementation must monitor and control traffic at both the external and internal boundary interfaces. | Monitoring and controlling both inbound and outbound network traffic adds a layer of protection to the enclave. Blocking harmful inbound and outbound traffic can also prevent the network from... |
V-37058 | Medium | The firewall must uniquely authenticate source domains for information transfer. | Identifying source address for information flows within the network allows forensic reconstruction of events when required, and increases policy compliance by attributing policy violations to... |
V-37312 | Medium | The firewall implementation must protect the confidentiality and integrity of system information at rest. | This requirement is intended to address the confidentiality and integrity of system information at rest (e.g., firewall rule sets or ACLs) when it is located on a storage device within the... |
V-37313 | Medium | The firewall implementation must employ cryptographic mechanisms to prevent unauthorized disclosure of information at rest. | This requirement is intended to address the confidentiality and integrity of system information at rest (e.g., firewall rule sets or ACLs) when it is located on a storage device within the... |
V-37314 | Medium | The firewall implementation must employ malicious code protection mechanisms to detect and block malicious code at the network perimeter. | The organization must employ malicious code protection mechanisms at information system entry and exit points. This protection must detect and eradicate malicious code transported by electronic... |
V-37315 | Medium | The firewall implementation must be configured to perform organizationally defined actions in response to malicious code detection. | Organizations may determine that in response to malicious code detection, different actions may be warranted for different situations. For example, the firewall may send different alerts, block... |
V-37316 | Medium | The firewall implementation must verify the correct operation of security functions, in accordance with organizationally identified conditions and frequency. | Security functional testing involves testing the system for conformance to the application's security function specifications, as well as compliance with the underlying security model. The need... |
V-37317 | Medium | The firewall implementation must respond to security function anomalies in accordance with organizationally defined responses and alternative actions. | Verification of security functionality is necessary to ensure the system's defenses are enabled. These anomalies are detected by running self-tests on each component in the firewall. For those... |
V-37181 | Medium | The firewall implementation must enforce minimum password length. | Authorization for access to any firewall requires an approved and assigned individual account identifier. To ensure only the assigned individual is using the account, the account holder must... |
V-37183 | Medium | The firewall implementation must prohibit password reuse for the organizationally defined number of generations. | Authorization for access to any firewall requires an approved and assigned individual account identifier. To ensure only the assigned individual is using the account, the account holder must... |
V-37187 | Medium | The firewall implementation must enforce password complexity by the number of lower case characters used. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that... |
V-37301 | Medium | The firewall implementation must protect the integrity and availability of publicly available information and applications. | Public-facing servers enable access to information by clients outside of the enclave. These servers are subject to greater exposure to attacks. It is imperative that the integrity of the data is... |
V-37197 | Medium | The firewall implementation must enforce password encryption for transmission. | To ensure only the assigned individual is using the account, the account holder must create a strong password that is privately maintained and changed based on the organizationally defined... |
V-37195 | Medium | The firewall implementation must enforce password encryption for storage. | To ensure only the assigned individual is using the account, the account holder must create a strong password that is privately maintained and changed based on the organizationally defined... |
V-37299 | Medium | The firewall implementation must employ cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. | The most common vulnerabilities with cryptographic modules are those associated with poor implementation. Using cryptographic modules complying with applicable federal laws, Executive Orders,... |
V-37199 | Medium | The firewall implementation must enforce minimum password lifetime restrictions. | To ensure only the assigned individual is using the account, the account holder must create a strong password that is privately maintained and changed based on the organizationally defined... |
V-37329 | Medium | The firewall implementation must prevent the download of prohibited mobile code. | Decisions regarding the use of mobile code within the firewall are based on the potential for the code to cause damage to the system if used maliciously. Mobile code technologies include Java,... |
V-37328 | Medium | The firewall implementation must support organizational requirements to disable the user identifiers after an organizationally defined time period of inactivity. | Inactive user accounts pose a risk to systems and applications. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained. Attackers that are able... |
V-37327 | Medium | The firewall implementation must protect the audit records of non-local accesses to privileged accounts and the execution of privileged functions. | Auditing may not be reliable when performed by the network element to which the user being audited has privileged access. The privileged user may inhibit auditing or modify audit records. This... |
V-37321 | Medium | The firewall implementation must identify and respond to potential security-relevant error conditions. | Error messages generated by various components and services of the network devices can indicate a possible security violation or breach. The firewall implementation must detect and respond to... |
V-37320 | Medium | The firewall implementation must detect unauthorized changes to software and information. | The firewall implementation must employ integrity verification tools to detect unauthorized changes to software and firmware used on the firewall. Anomalous behavior and unauthorized changes must... |
V-37322 | Medium | The firewall implementation must generate error messages providing information necessary for corrective actions without revealing organizationally defined sensitive or potentially harmful information in error logs and administrative messages that could be exploited. | The extent to which the firewall is able to identify and handle error conditions is guided by organizational policy and operational requirements. However, these error messages must not reveal... |
V-37057 | Medium | The firewall implementation must uniquely identify source domains for information transfer. | Identifying source address for information flows within the network allows forensic reconstruction of events when required, and increases policy compliance by attributing policy violations to... |
V-37114 | Medium | The firewall implementation must use automated mechanisms to enforce access restrictions. | Changes to the hardware or software components of the firewall can have significant effects on the overall security of the network. Therefore, the firewall implementation must be configured to use... |
V-37115 | Medium | The firewall implementation must use automated mechanisms to support auditing of the enforcement actions. | Changes to the hardware or software components of the firewall can have significant effects on the overall security of the network. Maintaining audit log records of access events helps to ensure... |
V-37059 | Medium | The firewall implementation must uniquely identify destination domains for information transfer. | Identifying destination domain address for information flows within the network allows forensic reconstruction of events when required, and increases policy compliance by attributing policy... |
V-37233 | Medium | The firewall implementation must route organizationally defined internal communications traffic destined for organizationally defined external networks through authenticated application firewalls (application proxy servers) at managed interfaces. | This control requires that identified traffic destined for certain external networks be inspected before being allowed through externally facing interfaces. The firewall implementation must... |
V-37232 | Medium | The firewall implementation must deny network traffic by default and allow network traffic by exception at all interfaces at the network perimeter. | All inbound and outbound traffic must be denied by default. The firewall and perimeter routers must only allow traffic that is explicitly permitted. Similarly, allowing unknown or undesirable... |
V-37339 | Medium | The firewall implementation must inspect inbound and outbound DNS traffic for harmful content and protocol conformance. | Allowing traffic through the firewall without inspection creates a direct connection between the host in the private network and a host on the outside. This bypasses security measures and places... |
V-37330 | Medium | The firewall implementation must enforce a Discretionary Access Control (DAC) policy that limits propagation of access rights. | Access control policies (e.g., identity-based policies, role-based policies) and access enforcement mechanisms (e.g., access control lists, policy maps, and cryptography) are used to control... |
V-37331 | Medium | The firewall implementation must enforce a DAC policy that includes or excludes access to the granularity of a single user. | Access control policies (e.g., identity-based policies and role-based policies) and access enforcement mechanisms (e.g., access control lists, policy maps, cryptography) are employed by... |
V-37336 | Medium | The firewall implementation must have only one local account created for use when the network is not available or direct access on the device is needed. | Authentication for administrative access to the device is required at all times. A single account can be created on the device's local database for use in an emergency such as when the... |
V-37337 | Medium | The firewall implementation must be configured to use two or more authentication servers for the purpose of granting administrative access. | The use of an authentication server affords the best methods for controlling user access, authorization levels, and activity logging. By enabling an authentication server, the administrators can... |
V-37167 | Medium | The firewall implementation must be configured to prohibit or restrict network traffic in accordance with organizationally defined requirements for nonsecure ports, protocols, and/or services. | DoD continually assesses the ports, protocols, and services that can be used for network communications. Some ports, protocols or services have known exploits or security weaknesses. Network... |
V-37165 | Medium | The firewall application must be configured to prohibit or restrict the use of organizationally defined nonsecure ports, protocols, and/or services. | This requirement applies to each firewall installed as part of the firewall implementation. DoD continually assesses the ports, protocols, and services that can be used for network communications.... |
V-37079 | Medium | The firewall implementation must automatically lock an account after the maximum number of unsuccessful login attempts are exceeded and remain locked for an organizationally defined time period or until released by an administrator. | The firewall implementation must automatically lock the account for an organizationally defined time period or until released by an administrator according to organizational policy. Locking an... |
V-37078 | Medium | The firewall implementation must enforce the organizationally defined time period over which the number of invalid login attempts are counted. | To reduce the risk of successful malicious login attempts, the firewall implementation must define the time period over which the number of failed login attempts (CCI-000044) is counted before... |
V-37173 | Medium | The firewall implementation must use multifactor authentication for local access to privileged accounts. | Single-factor authentication poses unnecessary risk to the information system since most single-factor authentication methods use only a userid and password. Passwords are, in most cases, easily... |
V-37175 | Medium | The firewall implementation must support the organizational requirement to ensure individuals are authenticated with an individual authenticator prior to using a group authenticator. | To assure individual accountability and prevent unauthorized access, organizational users (and any processes acting on behalf of users) must be individually identified and authenticated. Sharing... |
V-37220 | Medium | The firewall implementation must prevent unauthorized and unintended information transfer via shared system resources. | The purpose of this control is to prevent information produced by the actions of a prior user, role, or the actions of a process acting on behalf of a prior user or role from being available to... |
V-37223 | Medium | The firewall implementation must limit the use of resources by priority. | Priority protection helps prevent a lower priority process from delaying or interfering with the information system servicing any higher-priority process. If priority protection is not... |
V-37229 | Medium | The firewall implementation must prevent access into the organization's internal networks except as explicitly permitted and controlled by employing boundary protection devices. | The enclave's internal network contains the servers where mission critical data and applications reside. There should never be connection attempts made to these devices from any host outside of... |
V-37177 | Medium | The firewall implementation must use organizationally defined replay-resistant authentication mechanisms for network access to privileged accounts. | All authentication credentials must be maintained on an authentication server. Messages between the authenticator and the firewall validating user credentials must not be vulnerable to a replay... |
V-37070 | Medium | The firewall implementation must uniquely authenticate destination domains for information transfer. | Identifying destination address for information flows within the network allows forensic reconstruction of events when required, and increases policy compliance by attributing policy violations to... |
V-37077 | Medium | The firewall implementation must enforce the organizationally defined maximum number of consecutive invalid login attempts. | The firewall implementation must limit the number of times an account may consecutively fail at login. By limiting the number of failed login attempts, the risk of unauthorized system access by... |
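The three lockout rows (V-37077 maximum consecutive invalid attempts, V-37078 the period over which they are counted, V-37079 the lock that holds for a defined time or until an administrator releases it) only make sense together, so here is a small tracker that implements all three. This is an added example, not text or code from the SRG or from any firewall vendor; the clock is passed in explicitly and all inputs are constructed. A failure is only counted if it falls inside the window, a success breaks the run, and a locked account refuses even a correct credential until the lock expires or an administrator clears it.

```python
"""Account lockout tracker: consecutive failures inside a time window lock the
account; the lock is released by timeout or by an administrator."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class LockoutPolicy:
    max_attempts: int = 3                 # V-37077: consecutive invalid attempts allowed
    window_seconds: int = 900             # V-37078: period over which failures are counted
    lock_seconds: Optional[int] = 900     # V-37079: lock duration; None = until admin release


@dataclass
class AccountState:
    failures: list = field(default_factory=list)   # timestamps of recent failed attempts
    locked_until: Optional[float] = None           # None while not time-locked
    locked_indefinitely: bool = False              # set when policy.lock_seconds is None


class LoginGuard:
    def __init__(self, policy: LockoutPolicy):
        self.policy = policy
        self.accounts = {}

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user: str, now: float) -> bool:
        st = self._state(user)
        if st.locked_indefinitely:
            return True
        if st.locked_until is not None:
            if now < st.locked_until:
                return True
            # lock expired: clear it and forget the failures that caused it
            st.locked_until = None
            st.failures.clear()
        return False

    def attempt(self, user: str, credential_ok: bool, now: float) -> str:
        """Record one login attempt; returns "locked", "rejected" or "allowed".
        While locked, even a correct credential is refused and not counted."""
        st = self._state(user)
        if self.is_locked(user, now):
            return "locked"
        if credential_ok:
            st.failures.clear()           # a success ends the consecutive-failure run
            return "allowed"
        # keep only failures still inside the counting window, then add this one
        st.failures = [t for t in st.failures if now - t < self.policy.window_seconds]
        st.failures.append(now)
        if len(st.failures) >= self.policy.max_attempts:
            if self.policy.lock_seconds is None:
                st.locked_indefinitely = True
            else:
                st.locked_until = now + self.policy.lock_seconds
        return "rejected"

    def admin_release(self, user: str) -> None:
        """Administrator unlock: clears both lock modes and the failure history."""
        st = self._state(user)
        st.locked_until = None
        st.locked_indefinitely = False
        st.failures.clear()


def demo() -> list:
    """Constructed walk-through: 3 failures inside a 600 s window lock 'admin' for 300 s."""
    g = LoginGuard(LockoutPolicy(max_attempts=3, window_seconds=600, lock_seconds=300))
    return [
        g.attempt("admin", False, 0),      # rejected
        g.attempt("admin", False, 700),    # rejected: the t=0 failure has aged out
        g.attempt("admin", False, 800),    # rejected
        g.attempt("admin", False, 900),    # rejected: third failure in window -> locked
        g.attempt("admin", True, 1000),    # locked: correct credential still refused
        g.attempt("admin", True, 1200),    # allowed: lock expired at 900 + 300
    ]


if __name__ == "__main__":
    print(demo())
```

The window test uses `now - t < window_seconds`, so an attempt exactly one window after an old failure starts a fresh count; the reference point in the rows is the organization's defined period, and whichever boundary the device uses should be documented in the policy.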
V-37348 | Medium | The firewall implementation must produce application log records containing sufficient information to establish where the events occurred. | Logging network location information for each detected event provides a means of investigating an attack, recognizing resource utilization or capacity thresholds, or identifying an improperly... |
V-37347 | Medium | The firewall implementation must produce application event log records containing sufficient information to establish when the events occurred. | Logging the date and time of each detected event provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or identify an improperly configured firewall. In... |
V-37171 | Medium | The firewall implementation must use multifactor authentication for network access to privileged accounts. | Multifactor authentication uses two or more factors to achieve authentication. Factors include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic... |
V-37345 | Medium | The firewall implementation must generate application log records for success or failure of firewall rules, as determined by the organization to be relevant to the security of the network infrastructure. | As the firewall rules are applied on each firewall, event log entries are entered into the firewall application log. Firewall events are usually stored on each device and periodically transferred... |
V-37343 | Medium | A firewall located behind the premise router must be configured to block all outbound management traffic. | The management network must still have its own subnet in order to enforce control and access boundaries provided by Layer 3 network nodes such as routers and firewalls. Management traffic between... |
V-37342 | Medium | The firewall implementation must inspect inbound and outbound HTTP traffic for harmful content and protocol conformance. | Allowing traffic through the firewall without inspection creates a direct connection between the host in the private network and a host on the outside. This bypasses security measures and places... |
V-37341 | Medium | The firewall implementation must inspect inbound and outbound FTP traffic for harmful content and protocol conformance. | Allowing traffic through the firewall without inspection creates a direct connection between the host in the private network and a host on the outside. This bypasses security measures and places... |
V-37340 | Medium | The firewall implementation must inspect inbound and outbound SMTP and Extended SMTP traffic for harmful content and protocol conformance. | Allowing traffic through the firewall without inspection creates a direct connection between the host in the private network and a host on the outside. This bypasses security measures and places... |
V-37213 | Medium | The firewall implementation must be configured to detect the presence of unauthorized software on organizational information systems. | The firewall monitors the network for known vulnerabilities and malicious software, such as Trojan horses, hacker tools, DDoS agents, and spyware. Many of these vulnerabilities may not be detected... |
V-37295 | Medium | The firewall implementation must protect the confidentiality of transmitted information. | This control applies to information transmitted by the firewall application. Preventing the disclosure of transmitted information requires that applications take measures to employ some form of... |
V-37294 | Medium | The firewall implementation must use cryptographic mechanisms to detect changes to information during transmission, unless otherwise protected by alternative physical measures. | This control applies to information transmitted by the firewall application. Preventing the disclosure of information while in transit requires applications to take measures to employ some form of... |
V-37297 | Medium | The firewall implementation must terminate the connection associated with a communications session at the end of the session or after an organizationally defined time period of inactivity. | Terminating network connections associated with communications sessions includes de-allocating associated TCP/IP address/port pairs at the operating system level, and de-allocating networking... |
V-37296 | Medium | The firewall implementation must employ cryptographic mechanisms to prevent unauthorized disclosure of information during transmission, unless otherwise protected by alternative physical measures. | This control applies to information transmitted by the firewall application. Preventing the disclosure of transmitted information requires that applications take measures to employ some form of... |
V-37358 | Medium | The firewall implementation must protect application log information from unauthorized read access. | Event logging is a key component of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity... |
V-37359 | Medium | The firewall implementation must protect the application log information from unauthorized modification. | Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured system.... |
V-37293 | Medium | The firewall implementation must protect the integrity of transmitted information. | This control applies to information transmitted by the firewall application. Preventing the disclosure of information while in transit requires applications to take measures to employ some form of... |
V-37356 | Medium | The firewall implementation must be configured to send an alert to designated personnel in the event the application log fails to function. | Firewall application logging is a key component of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or... |
V-37357 | Medium | The firewall implementation must be configured to stop generating application log records or overwrite the oldest log records when a log failure occurs. | Firewall implementation logging is a key component of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or... |
V-37346 | Medium | The firewall implementation must produce application event log records that contain sufficient information to establish what type of event occurred. | Associating event types with detected events in the firewall application logs provides a means of investigating an attack, recognizing resource utilization or capacity thresholds, or identifying... |
V-37209 | Medium | The firewall implementation must terminate all sessions when non-local maintenance is completed. | In the event the remote node has abnormally terminated or an upstream link from the managed device is down, the management session will be terminated, thereby freeing device resources and... |
V-37203 | Medium | The firewall implementation must use NIST-validated FIPS 140-2 cryptography to implement authentication encryption mechanisms. | Encryption is only as good as the encryption modules utilized. Unapproved cryptographic module algorithms cannot be verified, and cannot be relied upon to provide confidentiality or integrity and... |
V-37200 | Medium | The firewall implementation must enforce maximum password lifetime restrictions. | To ensure only the assigned individual is using the account, the account holder must create a strong password that is privately maintained and changed based on the organizationally defined... |
V-37201 | Medium | The firewall implementation must obscure feedback of authentication information during the authentication process to protect the information from possible use by unauthorized individuals. | To prevent the compromise of authentication information, such as passwords during the authentication process, the feedback from the information system shall not provide any information that would... |
V-37204 | Medium | The firewall implementation must employ automated mechanisms to assist in the tracking of security incidents. | Despite the investment in perimeter defense technologies, enclaves are still faced with detecting, analyzing, and remediating network breaches and exploits that have made it past the firewall. An... |
V-37369 | Medium | The firewall implementation must ensure the IPv6 Jumbo Payload hop-by-hop header is blocked. | The IPv6 Jumbo Payload allows IP packets to be larger than 65,535 bytes. This feature is only useful on very specialized high performance systems (e.g., supercomputers). Commonplace link layer... |
V-37368 | Medium | The firewall implementation must ensure IPv6 Site Local Unicast addresses are not used. | As currently defined, Site Local Unicast addresses are ambiguous and can be present in multiple sites. The addresses themselves do not contain any indication of the site to which they belong. The... |
V-37361 | Medium | The firewall implementation must suppress router advertisements for traffic destined for external IPv6-enabled interfaces. | Many of the known attacks in stateless autoconfiguration defined in RFC 3756 were present in IPv4 ARP attacks. IPSec AH was originally suggested as mitigation for "link local attacks", but has... |
V-37360 | Medium | The firewall implementation must protect application logs from unauthorized deletion. | Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured system.... |
V-37363 | Medium | The firewall implementation must drop all inbound IPv6 packets containing a Type 0 Routing Header unless the packet also contains an IPSec AH or IPSec ESP header. | The IPv6 Type 0 Routing Header (extension header) is functionally equivalent to the IPv4 loose source routing header option, which is typically blocked for security reasons. The Type 0 Routing... |
V-37365 | Medium | The firewall implementation must drop at least one fragment of any inbound IPv6 fragmented packet for which the complete data set for filtering cannot be determined. | Drop at least one fragment of any inbound fragmented packet for which the complete data set for filtering, to include protocol/port values, cannot be determined. A firewall must be able to... |
V-37364 | Medium | The firewall implementation must drop all inbound IPv6 packets containing undefined header extensions/protocol values. | Undefined IPv6 header extensions means that the Next Header type is not registered with Internet Assigned Numbers Authority (IANA). The header extension is the same as the protocol value, and... |
V-37349 | Medium | The firewall implementation must produce application log records containing sufficient information to establish the source of the event. | Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured firewall. If... |
V-37366 | Medium | The firewall implementation must drop all inbound IPv6 packets containing more than one Fragmentation Header within an IP header chain. | Nested fragmentation is an unnecessary and unwanted IPv6 condition that is not forbidden by the specifications. It occurs when an IP header chain contains more than one Fragmentation Header,... |
V-37367 | Medium | The firewall implementation must ensure IPv6 6-to-4 addresses are dropped at the enclave perimeter for inbound and outbound traffic. | "6-to-4" is a tunneling IPv6 transition mechanism. The guidance is the default case, which assumes that 6-to-4 is not used. If 6-to-4 is used, then firewall rules must be configured to drop... |
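The IPv6 rows (V-37369 Jumbo Payload, V-37368 site-local, V-37361 router advertisements, V-37363 Type 0 Routing header, V-37365 undeterminable fragments, V-37364 undefined next header, V-37366 nested Fragment headers, V-37367 6to4) all come down to walking the extension-header chain and checking a few fields, which is where implementations tend to go wrong: AH encodes its length differently from every other extension header, the Fragment header has no length byte, and Pad1 is a one-byte option. The filter below, with constructed packets, is an added example and is not code from the SRG or any firewall product. Two assumptions are labelled in the code: the allowlist of IANA protocol numbers is an illustrative subset rather than the full registry, and "drop at least one fragment" is implemented as dropping any fragment whose transport ports cannot be read, i.e. all non-initial fragments and initial fragments too short to carry a port pair.

```python
"""Stateless IPv6 header-chain filter for the drop rules in the rows above.
Packets below are constructed by hand for the example, not captured traffic."""
import ipaddress
import struct

HBH, ROUTING, FRAGMENT, ESP, AH, ICMPV6, NONEXT, DSTOPTS = 0, 43, 44, 50, 51, 58, 59, 60
TCP, UDP = 6, 17
EXT_HEADERS = {HBH, ROUTING, FRAGMENT, AH, DSTOPTS}     # headers the walker can step over
# Assumption: illustrative subset of IANA-registered protocol numbers. A real
# filter loads the full registry; any value outside the set is "undefined".
KNOWN_NEXT_HEADERS = {HBH, 4, TCP, UDP, 41, ROUTING, FRAGMENT, 47, ESP, AH, ICMPV6, NONEXT, DSTOPTS, 132}
JUMBO_OPTION, RA_TYPE = 0xC2, 134                       # HBH option type; ICMPv6 RA type
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")


def walk_chain(pkt):
    """Follow the chain from the fixed header: returns [(type, offset)], upper-layer type, offset."""
    nh, off, chain = pkt[6], 40, []
    while nh in EXT_HEADERS:
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        chain.append((nh, off))
        if nh == FRAGMENT:
            size = 8                            # fixed size, no Hdr Ext Len field
        elif nh == AH:
            size = (pkt[off + 1] + 2) * 4       # AH: length in 32-bit words, minus 2
        else:
            size = (pkt[off + 1] + 1) * 8       # others: 64-bit units not counting the first
        nh, off = pkt[off], off + size
    return chain, nh, off


def has_jumbo_option(pkt, off):
    """Scan a Hop-by-Hop header's TLV options for Jumbo Payload (0xC2)."""
    end, i = off + (pkt[off + 1] + 1) * 8, off + 2
    while i < end:
        if pkt[i] == 0:                         # Pad1: one byte, no length field
            i += 1
            continue
        if pkt[i] == JUMBO_OPTION:
            return True
        if i + 1 >= end:
            break
        i += 2 + pkt[i + 1]
    return False


def filter_ipv6(pkt, outbound=False):
    """Return ("drop", reason) or ("pass", "") for one raw IPv6 packet."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return "drop", "not a well-formed IPv6 header"
    for addr in (ipaddress.IPv6Address(pkt[8:24]), ipaddress.IPv6Address(pkt[24:40])):
        if addr in SITE_LOCAL:
            return "drop", "site-local unicast address (V-37368)"
        if addr in SIX_TO_FOUR:
            return "drop", "6to4 address (V-37367)"
    try:
        chain, upper, off = walk_chain(pkt)
    except ValueError as exc:
        return "drop", str(exc)
    types = [t for t, _ in chain]
    if upper not in KNOWN_NEXT_HEADERS:
        return "drop", "undefined next header %d (V-37364)" % upper
    if types.count(FRAGMENT) > 1:
        return "drop", "more than one Fragment header (V-37366)"
    ipsec_present = AH in types or upper == ESP
    for htype, hoff in chain:
        if htype == ROUTING and pkt[hoff + 2] == 0 and not ipsec_present:
            return "drop", "Type 0 Routing header without AH/ESP (V-37363)"
        if htype == HBH and has_jumbo_option(pkt, hoff):
            return "drop", "Jumbo Payload hop-by-hop option (V-37369)"
        if htype == FRAGMENT:
            frag_offset = struct.unpack("!H", pkt[hoff + 2:hoff + 4])[0] >> 3
            # Assumption: non-initial fragments (and initial ones without a full
            # port pair) are the fragments whose filtering data cannot be determined.
            if frag_offset != 0 or (upper in (TCP, UDP) and off + 4 > len(pkt)):
                return "drop", "fragment without determinable ports (V-37365)"
    if outbound and upper == ICMPV6 and off < len(pkt) and pkt[off] == RA_TYPE:
        return "drop", "Router Advertisement toward external interface (V-37361)"
    return "pass", ""


# --- constructed sample packets -------------------------------------------
def ipv6(src, dst, nh, payload):
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), nh, 64)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload

def rh0(nh, via):      # Type 0 Routing header with one intermediate address (24 bytes)
    return struct.pack("!BBBB", nh, 2, 0, 1) + b"\0" * 4 + ipaddress.IPv6Address(via).packed

def frag(nh, offset, more, ident=1):
    return struct.pack("!BBHI", nh, 0, (offset << 3) | more, ident)

def ah(nh):            # AH with a 12-byte placeholder ICV: 24 bytes, payload len field = 4
    return struct.pack("!BBHII", nh, 4, 0, 0x100, 1) + b"\0" * 12

def hbh_jumbo(nh):     # Hop-by-Hop header carrying only a Jumbo Payload option
    return struct.pack("!BB", nh, 0) + bytes([JUMBO_OPTION, 4]) + struct.pack("!I", 100000)

TCP_STUB = struct.pack("!HH", 40000, 443) + b"\0" * 16
SRC, DST = "2001:db8::1", "2001:db8::2"
SAMPLES = {
    "plain tcp": ipv6(SRC, DST, TCP, TCP_STUB),
    "rh0 no ipsec": ipv6(SRC, DST, ROUTING, rh0(TCP, "2001:db8::3") + TCP_STUB),
    "rh0 with ah": ipv6(SRC, DST, ROUTING, rh0(AH, "2001:db8::3") + ah(TCP) + TCP_STUB),
    "initial fragment": ipv6(SRC, DST, FRAGMENT, frag(TCP, 0, 1) + TCP_STUB),
    "tail fragment": ipv6(SRC, DST, FRAGMENT, frag(TCP, 185, 0) + b"\0" * 8),
    "nested fragments": ipv6(SRC, DST, FRAGMENT, frag(FRAGMENT, 0, 1) + frag(TCP, 0, 1) + TCP_STUB),
    "jumbo": ipv6(SRC, DST, HBH, hbh_jumbo(TCP) + TCP_STUB),
    "undefined nh": ipv6(SRC, DST, 200, b"\0" * 8),
    "site-local": ipv6("fec0::1", DST, TCP, TCP_STUB),
    "6to4": ipv6(SRC, "2002:c000:204::1", TCP, TCP_STUB),
    "outbound RA": ipv6("fe80::1", "ff02::1", ICMPV6, bytes([RA_TYPE, 0]) + b"\0" * 14),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print("%-17s %s %s" % (name, *filter_ipv6(pkt, outbound=name.startswith("outbound"))))
```

The Router Advertisement check is direction-dependent (V-37361 concerns RAs leaving toward external interfaces), so the caller passes `outbound`; every other rule applies regardless of direction. Note that the Type 0 Routing header rule in V-37363 permits the packet when AH or ESP is present, which the filter honours, and that once ESP is reached nothing after it can be inspected, so ESP ends the walk.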
V-37087 | Medium | The firewall implementation must employ automated mechanisms to monitor and control remote access methods. | Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods... |
V-37088 | Medium | The firewall implementation must route all remote access traffic through managed access control points. | Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods... |
V-37089 | Medium | The firewall implementation must monitor for unauthorized remote connections to specific information systems on an organizationally defined frequency. | Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods... |
V-37370 | Medium | The firewall implementation must ensure interfaces supporting IPv4 in NAT-PT architecture do not receive IPv6 traffic. | Network Address Translation with Protocol Translation (NAT-PT) is a service that can be used to translate data sent between IP-heterogeneous nodes. NAT-PT translates an IPv4 datagram into a... |
V-37118 | Medium | The firewall implementation must limit privileges to change software resident within software libraries, including privileged programs. | Changes to any software components of the firewall can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should be allowed... |
V-37119 | Medium | The firewall implementation must not have unnecessary services and functions enabled. | Information systems are capable of providing a wide variety of functions (capabilities or processes) and services. Some of these functions and services are installed and enabled by default. The... |
V-37035 | Low | The firewall implementation must provide automated support for account management functions. | Account management functions include: assignment of group or role membership; identifying account type; specifying user access authorizations (i.e., privileges); account removal, update, or... |
V-37037 | Low | The firewall implementation must automatically terminate emergency accounts after an organizationally defined time period. | Emergency accounts are established in response to crisis situations and with the need for rapid account activation. Therefore, emergency account activation may bypass normal account authorization... |
V-37036 | Low | The firewall implementation must automatically terminate temporary accounts after an organizationally defined time period for each type of account. | Temporary accounts are established as part of normal account activation procedures when there is a need for short-term accounts without the demand for immediacy in account activation. If temporary... |
V-37110 | Low | The firewall implementation must provide audit record generation capability for organizationally defined auditable events occurring within the firewall. | Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was... |
V-37305 | Low | The firewall implementation must provide mechanisms to protect the authenticity of communications sessions. | This requirement addresses communications protection at the session level, versus the packet level. Maintaining the authenticity of the communications session and confidence in the mutual ongoing... |
V-37039 | Low | The firewall implementation must automatically audit the creation of accounts. | Upon gaining access to a system, an attacker will often first attempt to create a persistent method of re-establishing access. One way to accomplish this is to create a new account. Notification... |
V-37038 | Low | The firewall implementation must automatically disable inactive accounts after an organizationally defined time period of inactivity. | Since the accounts in the firewall are privileged or system level accounts, account management is vital to the security of the firewall. Inactive accounts could be reactivated or compromised by... |
V-37310 | Low | The firewall implementation must fail to an organizationally defined known state for organizationally defined types of failures. | Failure to a known state can address safety or security in accordance with the mission needs of the organization. Failure to a state that is known to be secure helps prevent the loss of... |
V-37311 | Low | The firewall implementation must preserve organizationally defined system state information in the event of a system failure. | Failure to a known state can address safety or security in accordance with the mission needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality,... |
V-37185 | Low | The firewall implementation must enforce password complexity by the number of upper case characters used. | Authorization for access to any firewall requires an approved and assigned individual account identifier. To ensure only the assigned individual is using the account, the account holder must... |
V-37101 | Low | The firewall implementation must be capable of taking organizationally defined actions upon audit failure. | Auditing of account use and user actions is a critical part of the security architecture. Auditable events must be logged. If the firewall becomes unable to write events to the audit log, this is... |
V-37100 | Low | The firewall implementation must be configured to send an alert to designated personnel in the event of an audit processing failure. | Auditing of account use and user actions is a critical part of the security architecture. Auditable events must be logged. If the firewall becomes unable to write events to the audit log, this is... |
V-37103 | Low | The firewall implementation must synchronize internal system clocks on an organizationally defined frequency with an organizationally defined authoritative time source. | The various components within the network infrastructure providing the log records must have their clocks synchronized using a common time reference, so the events can be correlated in exact order... |
V-37102 | Low | The firewall implementation must use internal system clocks to generate timestamps for audit records. | In order to determine what is happening within the network infrastructure or to resolve and trace an attack, the firewall implementation must support the organization's capability to correlate the... |
V-37105 | Low | The firewall implementation must protect audit log information from unauthorized modification. | Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured system.... |
V-37104 | Low | The firewall implementation must protect audit log information from unauthorized read access. | Auditing of account use and user actions is a critical part of the security architecture. Auditable events must be logged. If the firewall becomes unable to write events to the audit log, this is... |
V-37106 | Low | The firewall implementation must protect audit logs from unauthorized deletion. | Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity thresholds, or to simply identify an improperly configured system.... |
V-37109 | Low | The firewall must protect against an individual falsely denying having performed a particular action. | This requirement supports non-repudiation of actions taken by an administrator and is required in order to maintain the integrity of the configuration management process. All configuration changes... |
V-37194 | Low | The firewall implementation must enforce the number of characters changed when passwords are changed. | To ensure only the assigned individual is using the account, the account holder must create a strong password that is privately maintained and changed based on the organizationally defined... |
V-37193 | Low | The firewall implementation must enforce password complexity by the number of special characters used. | To ensure only the assigned individual is using the account, the account holder must create a strong password that is privately maintained and changed based on the organizationally defined... |
V-37190 | Low | The firewall implementation must enforce password complexity by the number of numeric characters used. | To ensure only the assigned individual is using the account, the account holder must create a strong password that is privately maintained and changed based on the organizationally defined... |
V-37325 | Low | The firewall implementation must prevent access to organizationally defined security-relevant information except during secure, non-operable system states. | Security relevant information is any information within the information system that can potentially impact the operation of security functions in a manner that could result in failure to enforce... |
V-37324 | Low | The firewall implementation must block network access by unauthorized devices and must log the information as a security violation. | Local access to the private network can easily be accomplished by merely connecting a workstation or laptop to any available wall plate or a wireless connection to a nearby access point. Remote... |
V-37323 | Low | The firewall implementation must activate an organizationally defined alarm when a system component failure is detected. | Predictable failure prevention requires organizational planning to address system failure issues. If components key to maintaining the system's security fail to function, the system could continue... |
V-37051 | Low | The firewall implementation must enforce approved authorizations for controlling the flow of information within the system and its components in accordance with applicable flow control policy. | Information flow control regulates where information is allowed to travel. Flow control mechanisms, such as the firewall, use security attributes to control and restrict information flow. Security... |
V-37050 | Low | The firewall implementation must implement organizationally defined nondiscretionary access control policies over organizationally defined users and resources. | When nondiscretionary access control mechanisms are implemented, security labels are assigned to securable objects and users are granted access to the objects only if their level of access matches... |
V-37116 | Low | The firewall implementation must prevent the installation of organizationally defined critical software programs not signed with an organizationally approved private key. | Changes to any software components of the firewall can have significant effects on the overall security of the network. Verifying the authenticity of the software prior to installation validates... |
V-37112 | Low | The firewall implementation must generate audit log events for a locally developed list of auditable events. | Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; recognize resource utilization or capacity... |
V-37113 | Low | The firewall implementation must enforce access restrictions associated with changes to the system components. | Changes to the hardware or software components of the firewall can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should be... |
V-37111 | Low | The firewall implementation must allow designated organizational personnel to select which auditable events are to be audited by specific components of the system. | Logging the actions of specific events provides a way to investigate an attack, recognize resource utilization or capacity thresholds, or to identify an improperly configured network element. If... |
V-37338 | Low | The firewall implementation must implement NAT to ensure endpoint internal IPv4 addresses are not visible to external untrusted networks. | Network Address Translation (NAT) works well with the implementation of RFC 1918 addressing scheme. It also has the privacy benefit of hiding real internal addresses. An attacker can learn more... |
V-37044 | Low | The firewall implementation must notify the organizationally identified individuals when the account has been disabled. | Account management by a designated authority ensures access to the firewall is controlled in a secured manner by granting access to only authorized personnel with the necessary privileges.... |
V-37045 | Low | The firewall implementation must automatically audit account termination. | Account management, as a whole, ensures access to the firewall is being controlled in a secured manner by granting access to only authorized personnel. Auditing account termination will support... |
V-37046 | Low | The firewall implementation must notify the organizationally identified individuals for account termination. | Account management by a designated authority ensures access to the firewall is being controlled by granting access only to authorized personnel with the necessary privileges. Automatic... |
V-37168 | Low | The firewall implementation must support organizational requirements to conduct backups of system level information contained in the information system per organizationally defined frequency. | System level information includes default and customized settings and security attributes, as well as software required for the execution and operation of the device. Information system backup is... |
V-37040 | Low | The firewall implementation must notify the organizationally identified individuals when accounts are created. | Because the accounts used to access the firewall components are privileged or system level accounts, account management is vital to the security of the system. In order to detect and respond to... |
V-37041 | Low | The firewall implementation must automatically audit account modification. | Since the accounts in the firewall are privileged or system level accounts, account management is vital to the security of the firewall. Account management by a designated authority ensures access... |
V-37042 | Low | The firewall implementation must notify the organizationally identified individuals when accounts are modified. | Because the accounts used to access the firewall components are privileged or system level accounts, account management is vital to the security of the system. In order to respond to events... |
V-37043 | Low | The firewall implementation must automatically audit account disabling actions. | Account management, as a whole, ensures access to the firewall is being controlled in a secured manner by granting access to only authorized personnel. Auditing account disabling actions will... |
V-37049 | Low | The firewall implementation must enforce approved authorizations for logical access to firewall information and system resources in accordance with applicable access control policy. | Enforcement of approved authorizations for access control allows granularity of privilege assignments for each administrator and ensures only authorized users have access to certain commands and... |
V-37178 | Low | The firewall implementation must authenticate an organizationally defined list of specific devices by device type before establishing a connection. | A firewall implementation must have a level of trust with any node wanting to connect to it. Device authentication prevents an authorized user from connecting to perform privileged functions using... |
V-37075 | Low | The firewall implementation must implement separation of duties through assigned information system access authorizations. | Separation of duties supports the management of individual accountability and reduces the power of one individual or administrative account. An example of separation of duties within the firewall... |
V-37344 | Low | The firewall implementation must be configured to log any attempt to a port, protocol, or service that is denied. | Auditing and logging are key components of any security architecture. It is essential security personnel know what is being done, attempted to be done, and by whom in order to compile an accurate... |
V-37169 | Low | The firewall implementation must support organizational requirements to conduct backups of information system documentation, including security-related documentation, per an organizationally defined frequency that is consistent with recovery time and recovery point objectives. | Information system backup is a critical step in maintaining data assurance and availability. Information system and security related documentation contains information pertaining to system... |
V-37047 | Low | The firewall implementation must monitor for unusual usage of accounts. | Atypical account usage is behavior that is not part of normal usage cycles (e.g., large amounts of user account activity occurring after hours or on weekends). A comprehensive account management... |
V-37214 | Low | The firewall implementation must isolate security functions from non-security functions. | The firewall implementation must be designed and configured to isolate security functions from non-security functions. An isolation boundary is implemented via partitions and domains. This... |
V-37211 | Low | The firewall implementation must employ cryptographic mechanisms to protect information in storage. | When data is written to digital media, there is the risk of loss of data along with integrity and data confidentiality. An organizational assessment of risk guides the selection of media and... |
V-37292 | Low | The firewall implementation must connect to external networks only through managed interfaces consisting of boundary protection devices arranged in accordance with organizational security architecture. | The firewall will build a state to allow return traffic for all initiated traffic that was allowed outbound. Monitoring and filtering the outbound traffic adds a layer of protection to the... |
V-37354 | Low | The firewall implementation application event logging function must reduce the likelihood of log record capacity being exceeded. | Event logging is a key function of the firewall implementation. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity... |
V-37355 | Low | The firewall implementation must provide a warning when the application event logging storage capacity reaches an organizationally defined maximum capacity. | It is imperative the firewall implementation be configured to allocate storage capacity to contain event log records and an alert be generated when the capacity reaches an organizationally defined... |
V-37350 | Low | The firewall implementation must produce application log records containing sufficient information to determine if the event was a success or failure. | Denied traffic must be logged. There may also be some instances where a packet that was permitted or other successful event (i.e., logon) should be logged to establish and correlate the series of... |
V-37351 | Low | The firewall implementation must produce application log records that capture sufficient information to establish the identity of any user account associated with the events detected by the firewall application. | Log record content that may be necessary to satisfy the requirement of this control includes: timestamps, source and destination addresses, user/process identifiers, event descriptions,... |
V-37352 | Low | The firewall implementation must produce application log records that capture organizationally defined additional information (identified by type, location, or subject) to the records for the events detected by the firewall application. | Firewall application logs must be configured to capture all organizationally defined information deemed necessary for possible event investigation and traceability. This additional information may... |
V-37353 | Low | The firewall implementation must allocate firewall application log record storage capacity. | The firewall implementation must allocate enough storage capacity to contain log records. If the log storage capacity is exceeded, the firewall may malfunction or shut down. The site would lose... |
V-37093 | Low | The firewall implementation must produce audit log records containing sufficient information to establish where the events occurred. | It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was done, and by whom it was done in order to compile an accurate risk assessment.... |
V-37092 | Low | The firewall implementation must produce audit log records containing sufficient information to establish when the events occurred. | It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was done, and by whom it was done in order to compile an accurate risk assessment.... |
V-37091 | Low | The firewall implementation must produce audit log records that contain sufficient information to establish what type of event occurred. | It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was done, and by whom it was done in order to compile an accurate risk assessment.... |
V-37090 | Low | The firewall implementation must audit remote sessions for accessing an organizationally defined list of security functions and security-relevant information. | Remote access is access to organizational information systems by users (or processes acting on behalf of users) communicating through external networks (e.g., the Internet). Remote access methods... |
V-37097 | Low | The firewall implementation must capture and log organizationally defined additional information (identified by type, location, or subject) to the audit records for audit events. | Audit record content that may be necessary to satisfy this requirement includes timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail... |
V-37096 | Low | The firewall implementation must capture and log sufficient information to establish the identity of user accounts associated with the audit event. | Log record content that may be necessary to satisfy this requirement includes timestamps, source and destination addresses, user/process identifiers, event descriptions, success/fail indications,... |
V-37095 | Low | The firewall implementation must produce audit log records containing sufficient information to determine if the event was a success or failure. | It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was done, and by whom it was done in order to compile an accurate risk assessment.... |
V-37094 | Low | The firewall implementation must produce audit log records containing sufficient information to establish the source of the event. | It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was done, and by whom it was done in order to compile an accurate risk assessment.... |
V-37099 | Low | The firewall implementation must provide a real-time alert when organizationally defined audit failure events occur. | Auditing and logging are key components of any security architecture. System administrators need to be notified as soon as possible of possible events which may have adverse security implications.... |
V-37098 | Low | The firewall implementation must transmit audit events to the organization's central audit log server. | The organization must centrally manage the content of audit records generated by the firewall. Centrally managing audit data captured by the central firewall provides for easier management of... |
V-37206 | Low | The firewall implementation must log non-local maintenance and diagnostic sessions. | This requirement pertains to the use of privileged access when establishing a diagnostic session connecting non-locally (i.e., from the network or using an auxiliary port) to perform session on... |
V-37362 | Low | The firewall implementation must drop IPv6 packets for which the layer 4 protocol and ports cannot be detected. | As a minimum, a firewall must be able to drop any packet for which it cannot identify the layer 4 protocol and ports (if applicable). This is usually a default firewall feature, but is a... |
V-37080 | Low | The firewall implementation must display an approved system use notification message (or banner) before granting access to the system. | All network devices must present a DoD-approved warning banner prior to a system administrator logging on. The banner should warn any unauthorized user not to proceed. It also should provide clear... |
V-37081 | Low | The firewall implementation must display the notification message on the screen until the administrator takes explicit action to acknowledge the message. | All network devices must present a DoD-approved warning banner prior to a system administrator logging on. The banner should be acknowledged by the user prior to allowing the user access to the... |
V-37082 | Low | The firewall implementation must display a DoD-approved system use notification message or banner before granting access to the device. | All network devices must present a DoD-approved warning banner before granting access to the device. The banner shall be formatted in accordance with the DoD policy "Use of DoD Information Systems... |
V-37083 | Low | Upon successful login, the firewall implementation must notify the user of the date and time of the last login. | Providing users with information regarding the date and time of their last successful login allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to... |
V-37086 | Low | The firewall implementation must limit the number of concurrent sessions for each account to an organizationally defined number. | This requirement addresses concurrent sessions for a given information system account and does not address concurrent sessions by a single user via multiple accounts. In many products, this value... |
V-37371 | Low | The firewall implementation must backup application log records at an organizationally defined frequency onto a different system or media. | Firewall application event logging is a key component of any security architecture. An attack may cause corruption or delete the active events log. Maintaining a backup of the logs will minimize... |