UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must produce application log records containing sufficient information to establish where the events occurred.


Overview

Finding ID Version Rule ID IA Controls Severity
V-37348 SRG-NET-999999-FW-000178 SV-49109r1_rule Medium
Description
Logging network location information for each detected event provides a means of investigating an attack, recognizing resource utilization or capacity thresholds, or identifying an improperly configured firewall. In order to establish and correlate the series of events leading up to an outage or attack, it is imperative the source or object of the log record is recorded in all log records.
STIG Date
Firewall Security Requirements Guide 2013-04-24

Details

Check Text ( C-45595r1_chk )
Examine the aggregated firewall application log on the management console.
View entries for several alerts.
Verify the events in the logs show the location of each event (e.g., network name, network subnet, network segment, or organization).

If the firewall application log records do not include the event location, this is a finding.
Fix Text (F-42273r1_fix)
Configure the firewall implementation to capture the location of each event (e.g., network name, network subnet, network segment, or organization).