Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-37315 | SRG-NET-000249-FW-000145 | SV-49076r1_rule | Medium |
Description |
---|
Organizations may determine that in response to malicious code detection, different actions may be warranted for different situations. For example, the firewall may send different alerts, block malicious packets, block the IP address, or update the firewall depending on the capabilities of the implementation. Upon detection of traffic transporting malicious code, the firewall implementation must perform organizationally defined actions to notify or prevent malicious code from further impacting the network. |
STIG | Date |
---|---|
Firewall Security Requirements Guide | 2013-04-24 |
Check Text ( C-45563r1_chk ) |
---|
Review the malicious code protection software installed on the firewall. Verify organizationally defined actions are performed upon the detection of malicious code. If the firewall is not configured to perform organizationally defined actions when malicious code is detected, this is a finding. |
Fix Text (F-42240r1_fix) |
---|
Configure the firewall implementation to perform organizationally defined actions when malicious code is detected. |