Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-37371 | SRG-NET-999999-FW-000201 | SV-49132r1_rule | Low |
Description |
---|
Firewall application event logging is a key component of any security architecture. An attack may cause corruption or delete the active events log. Maintaining a backup of the logs will minimize the loss of data needed for incident investigation, forensics analysis, or operational trend analysis. |
STIG | Date |
---|---|
Firewall Security Requirements Guide | 2013-04-24 |
Check Text ( C-45618r1_chk ) |
---|
Verify the firewall implementation is included in the site backup plan. Verify files are periodically backed-up in accordance with an organizationally defined schedule. Verify the backup job is scheduled to perform automatically without system administrator intervention. Verify the backup is configured to a different system or off-line media. If the firewall implementation is not configured to backup log records at an organizationally defined frequency onto a different system or media, this is a finding. |
Fix Text (F-42296r1_fix) |
---|
Configure a backup job to automatically backup the configuration files for all firewalls periodically on a schedule identified by the DAA or designated representative. Verify the backup is configured to direct the log files to a different system or off-line media. |