UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must provide a real-time alert when organizationally defined audit failure events occur.


Overview

Finding ID Version Rule ID IA Controls Severity
V-37099 SRG-NET-000085-FW-000054 SV-48860r1_rule Low
Description
Auditing and logging are key components of any security architecture. System administrators need to be notified as soon as possible of possible events which may have adverse security implications. If auditing of user actions cannot occur because of an audit failure, forensic evidence provided by this critical part of the audit trail will be lost. The warning notice that the space allocated for firewall audit trail storage is reaching maximum capacity must be sent to the administrators for both the organization's audit log server and the firewall. Because there can be a delay between the update of the central audit server and the firewall application event, a good best practice is to configure this alert to generate directly from the firewall. However, an alert from the organization's central audit log server is also acceptable providing it is real-time.
STIG Date
Firewall Security Requirements Guide 2013-04-24

Details

Check Text ( C-45471r1_chk )
View the list of alerts configured on the firewall. Determine if a real time alert is generated and sent to designated personnel upon audit log failure.

If the system does not provide a real-time alert when organizationally defined audit failure events occur, this is a finding.
Fix Text (F-42044r1_fix)
Configure the firewall implementation to provide a real-time alert (e.g., via email) for organizationally defined audit failure events.