
The firewall implementation must be configured to prohibit or restrict network traffic in accordance with organizationally defined requirements for nonsecure ports, protocols, and/or services.


Overview

Finding ID: V-37167
Version: SRG-NET-000132-FW-000076
Rule ID: SV-48928r1_rule
IA Controls:
Severity: Medium
Description
DoD continually assesses the ports, protocols, and services that can be used for network communications. Some ports, protocols or services have known exploits or security weaknesses. Network traffic using these ports, protocols, and services must be prohibited or restricted in accordance with DoD policy. The firewall implementation is a key network element for preventing these non-compliant ports, protocols, and services from causing harm to DoD information systems. The network firewall implementation must be configured to prevent or restrict the use of prohibited ports, protocols, and services throughout the network by filtering the network traffic and disallowing or redirecting traffic as necessary.
STIG: Firewall Security Requirements Guide
Date: 2013-04-24

Details

Check Text (C-45494r1_chk)
Verify the firewall implementation provides policy controls to disallow, or allow with restrictions, ports, protocols, and services in accordance with the PPSM requirements.

If the firewall implementation does not monitor inbound and outbound network traffic on each interface, prohibiting and restricting ports, protocols, and/or services in accordance with the PPSM, this is a finding.
Fix Text (F-42104r1_fix)
Configure the firewall implementation to prohibit or restrict network traffic in accordance with organizationally defined requirements for nonsecure ports, protocols, and/or services.