The firewall implementation must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including NSA configuration guides, Communications Tasking Orders (CTOs), and Directive-Type Memorandums (DTMs).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000512-FW-000222	SRG-NET-000512-FW-000222	SRG-NET-000512-FW-000222_rule		Medium

Description
If the firewall or device implementing an ACL/rule set does not follow established security guidance, it is likely that it is not adequately secured, which increases the risk. Configuring the firewall or device implementing an ACL to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. Common secure configurations (also referred to as security configuration checklists, lockdown and hardening guides, security reference guides, security technical implementation guides) provide recognized, standardized, and established benchmarks that stipulate secure configuration settings for specific information technology platforms/products and instructions for configuring those information system components to meet operational requirements. Typically, an equipment vendor provides their product on an appliance with an embedded operating system (either a modified version of a common operating system or a proprietary operating system) and other application and/or database code. To minimize risk, a firewall or device implementing an ACL must use a secure or hardened platform and comply with all applicable configuration guidance.

Description

If the firewall or device implementing an ACL/rule set does not follow established security guidance, it is likely that it is not adequately secured, which increases the risk. Configuring the firewall or device implementing an ACL to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. Common secure configurations (also referred to as security configuration checklists, lockdown and hardening guides, security reference guides, security technical implementation guides) provide recognized, standardized, and established benchmarks that stipulate secure configuration settings for specific information technology platforms/products and instructions for configuring those information system components to meet operational requirements. Typically, an equipment vendor provides their product on an appliance with an embedded operating system (either a modified version of a common operating system or a proprietary operating system) and other application and/or database code. To minimize risk, a firewall or device implementing an ACL must use a secure or hardened platform and comply with all applicable configuration guidance.

STIG	Date
Firewall Security Requirements Guide	2014-07-07

Details

Check Text ( C-SRG-NET-000512-FW-000222_chk )
Review the configuration of the firewall implementation and verify that it is configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance. This may involve interviewing the System Administrators, IAM or personnel designated by the IAM, and the program’s Configuration Management personnel.

Fix Text (F-SRG-NET-000512-FW-000222_fix)
Configure the firewall implementation in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including NSA configuration guides, CTOs, and DTMs. Follow local change management processes when implementing configuration changes.