| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000335-FW-000216 | SRG-NET-000335-FW-000216 | SRG-NET-000335-FW-000216_rule | | Medium |
| Description |
|---|
| If the firewall implementation becomes unable to write events either to local storage or to a centralized server, this is a logging failure. Configuring the network device or log server to alert the administrator in the event of a log failure ensures administrative staff are aware of critical alerts. A logging failure can occur when local storage is full and the device is not configured to overwrite the oldest record in the file with the newest (circular buffer), when connectivity to the centralized log server is lost, or when the log process is stopped or hung. If this happens, there is a risk that high-priority messages will not be logged and noted by the responsible personnel. Severity levels 0 (Emergency), 1 (Alert), and 2 (Critical) require messages to be sent in real time (within seconds) to responsible personnel so they can take immediate corrective action. The firewall, or any device with an Access Control List, must generate an alert that notifies system administrators and other designated personnel of the failure to log messages of severity levels 0 through 2 (inclusive). |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2014-07-07 |
| Check Text ( C-SRG-NET-000335-FW-000216_chk ) |
|---|
| Review the configuration of the firewall implementation. If it is not configured to notify System Administrators and other designated personnel of the failure to log messages of severity levels 0 through 2, at a minimum, this is a finding. |
| Fix Text (F-SRG-NET-000335-FW-000216_fix) |
|---|
| Configure the firewall implementation to notify System Administrators and other designated personnel of the failure to log messages of severity levels 0 through 2, at a minimum. |
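One way to implement the notification this rule requires, as an added example that is not from the SRG or from any vendor's firewall software: a small Python model of the logging pipeline described above, with a local store (circular or not), a stand-in central log server, and an alert hook that fires only when a severity 0 to 2 event fails to reach a sink. All class and function names are assumptions, and the scenario in `demo()` is constructed.

```python
from collections import deque
from typing import Callable, List

ALERT_MAX_SEVERITY = 2  # 0 Emergency, 1 Alert, 2 Critical: a log failure must alert in real time

class LocalStore:
    """Fixed-size local store; circular=True overwrites the oldest record, otherwise a full store rejects."""
    def __init__(self, capacity: int, circular: bool) -> None:
        self.capacity, self.circular = capacity, circular
        self.records = deque(maxlen=capacity if circular else None)

    def write(self, record: str) -> bool:
        if not self.circular and len(self.records) >= self.capacity:
            return False  # storage full and no circular buffer: this is a logging failure
        self.records.append(record)
        return True

class RemoteSink:
    """Stand-in for the centralized log server; set connected=False to model lost connectivity."""
    connected = True

    def send(self, record: str) -> bool:
        return self.connected  # a real sink would transmit the record here

class LogPipeline:
    """Writes each event to both sinks; notify() is the caller-supplied administrator alert hook."""
    def __init__(self, local: LocalStore, remote: RemoteSink, notify: Callable[[str], None]) -> None:
        self.local, self.remote, self.notify = local, remote, notify

    def log(self, severity: int, message: str) -> bool:
        """True only if both sinks accepted the event; any sink failure for severity 0-2 alerts at once."""
        record = f"<{severity}> {message}"
        failed = [name for name, sink in (("local storage", self.local.write),
                                          ("central log server", self.remote.send)) if not sink(record)]
        if failed and severity <= ALERT_MAX_SEVERITY:
            self.notify(f"LOG FAILURE ({', '.join(failed)}) for severity {severity} event: {message}")
        return not failed

def demo() -> List[str]:
    """Constructed scenario: a 2-record non-circular store fills up, then the log server link drops."""
    alerts: List[str] = []
    pipe = LogPipeline(LocalStore(capacity=2, circular=False), RemoteSink(), alerts.append)
    pipe.log(6, "session established")       # accepted by both sinks
    pipe.log(6, "session closed")            # local store is now full
    pipe.log(5, "configuration saved")       # local write fails, but severity 5 needs no alert
    pipe.log(1, "ACL rejected admin login")  # severity 1 fails locally: administrators alerted
    pipe.remote.connected = False
    pipe.log(0, "firewall engine halted")    # both sinks fail: administrators alerted
    return alerts
```

In a real deployment `notify` would be an SNMP trap, pager or e-mail hook rather than a list append, and the two sinks would be the device's syslog file and its configured log server.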