UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must isolate security functions from non-security functions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-37214 SRG-NET-000184-FW-000105 SV-48975r1_rule Low
Description
The firewall implementation must be designed and configured to isolate security functions from non-security functions. An isolation boundary is implemented via partitions and domains. This boundary must provide separation between processes having different security levels. These processes are used by the hardware, software, and firmware of the firewall to perform various functions. The firewall application must maintain a separate execution domain (e.g., address space) for each executing process to minimize the risk of leakage or corruption of privileged information. This control is normally a function of the firewall application design and is usually not a configurable setting; however, there may be settings in some firewall applications that must be configured to optimize function isolation. For most network devices, this function is a product of system design. Verification of this function requires access to the internal programmer's documentation of the firewall manufacturer.
STIG Date
Firewall Security Requirements Guide 2013-04-24

Details

Check Text ( C-45524r2_chk )
Verify the application is designed to separate security functions from non-security functions (i.e., separate address space) for executing processes.
Verify settings needed to enable or optimize this security feature are enabled and configured.

If the system is not designed to isolate security functions from non-security functions, this is a finding.
If settings needed to enable or optimize this security feature are not enabled or configured, this is a finding.
Fix Text (F-42152r2_fix)
Enable settings that isolate security functions from non-security functions.