UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must maintain a current configuration that enforces dynamic information flow control based on organization-defined policies.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000019-FW-000208 SRG-NET-000019-FW-000208 SRG-NET-000019-FW-000208_rule Medium
Description
If configuration changes are not being saved, the firewall implementation will revert to a possibly unsecure configuration when it reboots; therefore, it is imperative that the most recent configuration be saved to non-volatile memory. Some devices save configurations to non-volatile memory when the configuration is committed while others require a separate step in order to save the active configuration to non-volatile memory.
STIG Date
Firewall Security Requirements Guide 2014-07-07

Details

Check Text ( C-SRG-NET-000019-FW-000208_chk )
Verify that configuration changes have been saved/committed and have taken effect. If they have not, this is a finding. Compare the configuration that the device uses when it boots to the configuration in effect after its most recent change; if they are different, this is a finding.
Fix Text (F-SRG-NET-000019-FW-000208_fix)
Configuration changes must take effect as they are made or committed. Save/commit the configuration when or immediately after making changes.