UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must support organizational requirements to conduct backups of system level information contained in the information system per organizationally defined frequency.


Overview

Finding ID Version Rule ID IA Controls Severity
V-37168 SRG-NET-000136-FW-000077 SV-48929r1_rule Low
Description
System level information includes default and customized settings and security attributes, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system level information, a denial of service condition is possible for all who utilize this critical network component. This control requires the firewall to support the organizational central backup process for system level information associated with the firewall. This function may be provided by the firewall itself; however, the preferred best practice is a centralized backup rather than each network element performing discrete backups.
STIG Date
Firewall Security Requirements Guide 2013-04-24

Details

Check Text ( C-45495r1_chk )
Review the firewall configuration to determine whether the firewall is configured to backup system level data and is capable of backing up according to a defined frequency.

If the firewall implementation does not support the organizational requirements to conduct backups of system level data according to a defined frequency, this is a finding.
Fix Text (F-42105r1_fix)
Configure the firewall implementation to backup system level data according to an organizationally defined frequency.