
The firewall implementation must provide a warning when the application event logging storage capacity reaches an organizationally defined maximum capacity.


Overview

Finding ID: V-37355
Version: SRG-NET-999999-FW-000185
Rule ID: SV-49116r1_rule
IA Controls:
Severity: Low
Description
It is imperative the firewall implementation be configured to allocate storage capacity to contain event log records and an alert be generated when the capacity reaches an organizationally defined threshold. Without this capability, the site could lose valuable data needed for investigating security incidents.
STIG Date
Firewall Security Requirements Guide 2013-04-24

Details

Check Text (C-45602r1_chk)
Identify how the firewall is configured for this notification. Verify the message is displayed at the remote console if an administrator is already logged in, or when an administrator logs in. Verify the device is capable of generating the alarm or alert and notification as described.

If the firewall implementation does not provide a warning when the logging storage capacity reaches an organizationally defined percentage of maximum capacity, this is a finding.
Fix Text (F-42280r1_fix)
Configure the firewall implementation to alert when the event log reaches an organizationally defined capacity.