The firewall implementation must support organizational requirements to conduct backups of system level information contained in the information system per organizationally defined frequency.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-37168 | SRG-NET-000136-FW-000077 | SV-48929r1_rule | Low |
| Description |
|---|
| System level information includes default and customized settings and security attributes, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system level information, a denial of service condition is possible for all who utilize this critical network component. This control requires the firewall to support the organizational central backup process for system level information associated with the firewall. This function may be provided by the firewall itself; however, the preferred best practice is a centralized backup rather than each network element performing discrete backups. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2013-04-24 |
Details
| Check Text ( C-45495r1_chk ) |
|---|
| Review the firewall configuration to determine whether the firewall is configured to backup system level data and is capable of backing up according to a defined frequency. If the firewall implementation does not support the organizational requirements to conduct backups of system level data according to a defined frequency, this is a finding. |
| Fix Text (F-42105r1_fix) |
|---|
| Configure the firewall implementation to backup system level data according to an organizationally defined frequency. |