
The firewall implementation must limit the use of resources by priority.


Overview

Finding ID: V-37223
Version: SRG-NET-000194-FW-000111
Rule ID: SV-48984r1_rule
IA Controls:
Severity: Medium
Description
Priority protection helps prevent a lower priority process from delaying or interfering with the information system servicing any higher-priority process. If priority protection is not implemented, network congestion may result in poor network service because priority traffic may be delayed or dropped, and this in turn could result in a denial of service condition. This control refers to the functionality of the firewall application and is normally a function of system design.
STIG: Firewall Security Requirements Guide
Date: 2013-04-24

Details

Check Text (C-45530r2_chk)
Review the firewall documentation and system configuration to determine if resource prioritization is implemented as part of the firewall application.

If the system is not configured to prioritize resources, this is a finding.
Fix Text (F-42160r1_fix)
Configure the firewall implementation to protect against or limit the effects of denial of service attacks by implementing risk mitigation solutions (e.g., multiple/distributed firewalls, load balancers, increasing log capacity, and/or providing service redundancy).