UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must protect audit tools from unauthorized modification.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000102-FW-000220 SRG-NET-000102-FW-000220 SRG-NET-000102-FW-000220_rule Medium
Description
If an audit tool is compromised, the validity of any audits that are performed using that tool may also be compromised and may be invalid. Basing decisions or attributions on an invalid audit may result in necessary actions not being taken. An audit is the examination and verification of accounts and log records to identify security relevant information such as system or user accesses. They can be very detailed and time-consuming; therefore, there are software tools that are used to manipulate log data to assist authorized personnel in performing audits. Computer Assisted Audit Tools and Techniques (CAATT) use data extraction and analysis software to more efficiently analyze log records; this software can vary widely, and may be part of the firewall’s Graphical User Interface (GUI) and an add-on software module. Examples of this type of tool are firewall analysis software or even spreadsheet programs. Audit tools include, but are not limited to, vendor-provided and open source audit tools used to view and manipulate information system activity and records such as custom query and report generators. Firewalls or components with an Access Control List that provide tools to access or manipulate audit data will leverage user permissions and roles identifying the user accessing the tools and the corresponding rights the user has in order to make access decisions regarding the access to audit tools.
STIG Date
Firewall Security Requirements Guide 2014-07-07

Details

Check Text ( C-SRG-NET-000102-FW-000220_chk )
Verify audit tools do not allow unauthorized write or execution access; directory and file permissions of audit tools must be set to only allow those authorized individuals or groups access. If any one of them does not, this is a finding.
Fix Text (F-SRG-NET-000102-FW-000220_fix)
Configure the firewall implementation protect audit tools from unauthorized write or execution access. Set file permissions to only allow access to authorized individuals or groups.