The firewall implementation must backup application log records at an organizationally defined frequency onto a different system or media.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-37371	SRG-NET-999999-FW-000201	SV-49132r1_rule		Low

Description
Firewall application event logging is a key component of any security architecture. An attack may cause corruption or delete the active events log. Maintaining a backup of the logs will minimize the loss of data needed for incident investigation, forensics analysis, or operational trend analysis.

STIG	Date
Firewall Security Requirements Guide	2013-04-24

Details

Check Text ( C-45618r1_chk )
Verify the firewall implementation is included in the site backup plan. Verify files are periodically backed-up in accordance with an organizationally defined schedule. Verify the backup job is scheduled to perform automatically without system administrator intervention. Verify the backup is configured to a different system or off-line media. If the firewall implementation is not configured to backup log records at an organizationally defined frequency onto a different system or media, this is a finding.

Check Text ( C-45618r1_chk )

Verify the firewall implementation is included in the site backup plan.
Verify files are periodically backed-up in accordance with an organizationally defined schedule.
Verify the backup job is scheduled to perform automatically without system administrator intervention.
Verify the backup is configured to a different system or off-line media.

If the firewall implementation is not configured to backup log records at an organizationally defined frequency onto a different system or media, this is a finding.

Fix Text (F-42296r1_fix)
Configure a backup job to automatically backup the configuration files for all firewalls periodically on a schedule identified by the DAA or designated representative. Verify the backup is configured to direct the log files to a different system or off-line media.