UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

In the event of a logging failure, the firewall implementation must overwrite the oldest log records.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000089-FW-000056 SRG-NET-000089-FW-000056 SRG-NET-000089-FW-000056_rule Medium
Description
It is critical that if the firewall implementation is at risk of failing to process logs, it takes action to mitigate the failure. Responses to a logging failure depend upon the nature of the failure. If the failure was caused by the lack of log storage capacity, the network element must continue generating audit records if possible (automatically restarting the audit service if necessary), overwriting the oldest audit records with the newest. This is known as a circular buffer and is commonly used.
STIG Date
Firewall Security Requirements Guide 2014-07-07

Details

Check Text ( C-SRG-NET-000089-FW-000056_chk )
Review the configuration of the firewall implementation. If logging to the local buffer does not overwrite older records with new records when the buffer is full (circular buffer), this is a finding.
Fix Text (F-SRG-NET-000089-FW-000056_fix)
Configure the firewall implementation to use a circular log buffer (this may be a default action).