UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must write log records to centralized, redundant log servers and those records backed up to a different system or media.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000334-FW-000201 SRG-NET-000334-FW-000201 SRG-NET-000334-FW-000201_rule Medium
Description
Information stored in one location is vulnerable to accidental or intentional deletion or alteration. Sending log records to a log server is a form of “off-loading” and is a common practice since network elements usually have a limited amount of storage. This also prevents the log records from being lost if the logs stored locally are accidentally or intentionally deleted, altered, or corrupted. Network elements such as firewalls and components with Access Control Lists must have the capability to support centralized logging. They must be configured to send log messages to centralized, redundant servers. In turn, the log servers must be backed up to a separate storage device or to different media (such as CD-ROM). This allows the records to be saved in case an investigation or audit is performed at a later date.
STIG Date
Firewall Security Requirements Guide 2014-07-07

Details

Check Text ( C-SRG-NET-000334-FW-000201_chk )
Review the firewall implementation configuration. If the firewall implementation is not configured to send log messages to the log servers, this is a finding.

Review backup procedure documentation and verify that log data is backed up (saved) to different media (such as CD-ROM, magnetic tape, etc). If log records are not included in backups, this is a finding.
Fix Text (F-SRG-NET-000334-FW-000201_fix)
Configure the firewall implementation to send log messages to the log servers.

Include log records in backups and backup the records to different media.