The firewall application must be configured to prohibit or restrict the use of organizationally defined nonsecure ports, protocols, and/or services.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-37165 | SRG-NET-000132-FW-000075 | SV-48926r1_rule | Medium |
| Description |
|---|
| This requirement applies to each firewall installed as part of the firewall implementation. DoD continually assesses the ports, protocols, and services that can be used for network communications. Some ports, protocols or services have known exploits or security weaknesses. These ports, protocols, and services must be prohibited or restricted in the firewall configuration in accordance with DoD policy. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2013-04-24 |
Details
| Check Text ( C-45493r1_chk ) |
|---|
| View the configuration and vendor documentation of the firewall application to find the minimum ports, protocols, and services which are required for operation of the firewall. Compare enabled ports, protocols, and/or services with the Ports, Protocol, and Service Management (PPSM) requirements. If ports, protocols, and/or services are not disabled or restricted as required by the PPSM, this is a finding. |
| Fix Text (F-42103r1_fix) |
|---|
| Disable ports, protocols, and/or services not required for operation of the firewall application. |