
The firewall implementation must be configured to perform organizationally defined actions in response to malicious code detection.


Overview

Finding ID: V-37315
Version: SRG-NET-000249-FW-000145
Rule ID: SV-49076r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Organizations may determine that different situations warrant different actions in response to malicious code detection. For example, the firewall may send different alerts, block malicious packets, block the IP address, or update the firewall, depending on the capabilities of the implementation. Upon detection of traffic transporting malicious code, the firewall implementation must perform organizationally defined actions to provide notification or to prevent the malicious code from further impacting the network.
STIG Date
Firewall Security Requirements Guide 2013-04-24

Details

Check Text (C-45563r1_chk)
Review the malicious code protection software installed on the firewall. Verify organizationally defined actions are performed upon the detection of malicious code.

If the firewall is not configured to perform organizationally defined actions when malicious code is detected, this is a finding.
Fix Text (F-42240r1_fix)
Configure the firewall implementation to perform organizationally defined actions when malicious code is detected.