
The firewall implementation must generate application log records for success or failure of firewall rule, as determined by the organization to be relevant to the security of the network infrastructure.


Overview

Finding ID: V-37345
Version: SRG-NET-999999-FW-000175
Rule ID: SV-49106r1_rule
IA Controls: (none listed)
Severity: Medium
Description
As the firewall rules are applied on each firewall, event log entries are entered into the firewall application log. Firewall events are usually stored on each device and periodically transferred to a central database or the network logging server. Centrally logging the security events provides a central location to store, view, analyze, and produce detailed reports on alerts. Organizations must define a firewall security policy and firewall rules which support this policy. Success or failure of the firewall rules must be logged in the application log. The organization must define which rules are to be logged or sent in an alert.
STIG: Firewall Security Requirements Guide
Date: 2013-04-24

Details

Check Text (C-45593r1_chk)
Obtain a list of organizationally defined events which must be logged upon detection by the firewall.
Navigate to the management functionality for the firewall implementation log. Search for a sampling of these events in the firewall application log.

If the firewall implementation log records do not show records for success or failure of firewall rules, as determined by the organization to be relevant to the security of the network infrastructure, this is a finding.
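The check above can be automated against an exported firewall application log. The following is an added example, not part of the STIG or any vendor's tooling: it takes the organizationally defined event list (rule name plus the outcomes that must be logged) and reports every required rule outcome that never appears in the log, which is the condition that constitutes a finding. The log format, rule names and the use of permit/deny as the logged success/failure outcomes are assumptions for the sample.

```python
import re
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample of firewall application log records (not real device output).
# Each rule record carries the matched rule name and the outcome it produced.
SAMPLE_LOG = """\
2013-04-24T10:15:01Z fw01 rule=ALLOW-DNS action=permit src=10.0.0.5 dst=10.0.0.53 proto=udp dport=53
2013-04-24T10:15:02Z fw01 rule=DENY-TELNET action=deny src=10.0.0.7 dst=192.0.2.10 proto=tcp dport=23
2013-04-24T10:15:03Z fw01 rule=ALLOW-DNS action=permit src=10.0.0.9 dst=10.0.0.53 proto=udp dport=53
2013-04-24T10:15:04Z fw01 rule=ALLOW-HTTPS action=permit src=10.0.0.5 dst=198.51.100.4 proto=tcp dport=443
2013-04-24T10:15:05Z fw01 heartbeat ok
"""

# Organizationally defined events: rule name -> outcomes that must appear in the log.
# "permit" and "deny" stand in for rule success and failure here (assumption).
REQUIRED_EVENTS: Dict[str, Set[str]] = {
    "ALLOW-DNS": {"permit"},
    "DENY-TELNET": {"deny"},
    "BLOCK-INBOUND-SMB": {"deny"},      # never appears in the sample -> finding
    "ALLOW-HTTPS": {"permit", "deny"},  # deny outcome never logged -> finding
}

RECORD_RE = re.compile(r"\brule=(?P<rule>\S+)\s+action=(?P<action>\S+)")


def observed_outcomes(log_lines: Iterable[str]) -> Dict[str, Set[str]]:
    """Collect, per rule name, the outcomes actually present in the log records."""
    seen: Dict[str, Set[str]] = {}
    for line in log_lines:
        m = RECORD_RE.search(line)
        if not m:
            continue  # non-rule records (heartbeats, etc.) are ignored
        seen.setdefault(m.group("rule"), set()).add(m.group("action"))
    return seen


def missing_events(required: Dict[str, Set[str]], log_lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (rule, outcome) pairs the organization requires but the log never shows.
    A non-empty result is a finding under this requirement."""
    seen = observed_outcomes(log_lines)
    return sorted(
        (rule, outcome)
        for rule, outcomes in required.items()
        for outcome in outcomes
        if outcome not in seen.get(rule, set())
    )


if __name__ == "__main__":
    gaps = missing_events(REQUIRED_EVENTS, SAMPLE_LOG.splitlines())
    for rule, outcome in gaps:
        print(f"FINDING: no '{outcome}' record for rule {rule}")
    if not gaps:
        print("All organizationally defined rule events are present in the log.")
```

Run against a real export, the required-events table should be populated from the organization's own list and the regular expression adjusted to the device's record layout; a sampling that covers every required outcome is what the reviewer is looking for.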
Fix Text (F-42270r1_fix)
Obtain a list of organizationally defined events which must be logged upon detection by the firewall.
Configure the firewall implementation to log the required events.