Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000089-FW-000056 | SRG-NET-000089-FW-000056 | SRG-NET-000089-FW-000056_rule | | Medium |
Description |
---|
It is critical that if the firewall implementation is at risk of failing to process logs, it takes action to mitigate the failure. Responses to a logging failure depend upon the nature of the failure. If the failure was caused by the lack of log storage capacity, the network element must continue generating audit records if possible (automatically restarting the audit service if necessary), overwriting the oldest audit records with the newest. This is known as a circular buffer and is commonly used. |
STIG | Date |
---|---|
Firewall Security Requirements Guide | 2014-07-07 |
Check Text ( C-SRG-NET-000089-FW-000056_chk ) |
---|
Review the configuration of the firewall implementation. If logging to the local buffer does not overwrite older records with new records when the buffer is full (circular buffer), this is a finding. |
Fix Text (F-SRG-NET-000089-FW-000056_fix) |
---|
Configure the firewall implementation to use a circular log buffer (this may be a default action). |