UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must enforce access restrictions associated with changes to the system components.


Overview

Finding ID Version Rule ID IA Controls Severity
V-37113 SRG-NET-000118-FW-000068 SV-48874r1_rule Low
Description
Changes to the hardware or software components of the firewall can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should be allowed administrative access to the firewall for implementing any changes or upgrades. This requirement applies to updates of the application files, configuration, ACLs, and policy filters.
STIG Date
Firewall Security Requirements Guide 2013-04-24

Details

Check Text ( C-45485r1_chk )
Verify only authorized users have permissions for changes, deletions and updates on the firewall.
Inspect the maintenance log to verify changes are being made only by the system administrators.

If unauthorized users are allowed to change the hardware or application software, this is a finding.
Fix Text (F-42058r1_fix)
Configure the firewall implementation to enforce access restrictions associated with changes to the system components.