The firewall implementation must notify the organizationally identified individuals for account termination.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-37046 | SRG-NET-000012-FW-000012 | SV-48807r1_rule | Low |
| Description |
|---|
| Account management by a designated authority ensures access to the firewall is being controlled by granting access only to authorized personnel with the necessary privileges. Automatic notification of account termination to organizationally identified individuals will provide the necessary reconciliation that account management procedures are being followed. It is also vital that the termination of accounts is monitored to ensure authorized accounts remain active and available for use when required. Notifying designated system individuals will provide an alert, so the account can be enabled if it had been disabled by mistake. This requirement is applicable to accounts created or maintained using the firewall application itself rather than the underlying OS or an authentication server. Accounts created and maintained on AAA devices (e.g., RADIUS, LDAP, or Active Directory) are secured using the applicable security guide or STIG. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2013-04-24 |
Details
| Check Text ( C-45339r1_chk ) |
|---|
| Verify the list of configured alerts includes a notice for account termination events to organizationally identified individuals. If there is not a viewable, configurable option, request the administrator terminate an account and verify notification is sent to the organizationally identified individuals. If the system is not configured to notify organizationally identified individuals when an account has been terminated, this is a finding. |
| Fix Text (F-41905r1_fix) |
|---|
| Configure the firewall implementation to send an alert to organizationally identified individuals when accounts are terminated. |