UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including NSA configuration guides, Communications Tasking Orders (CTOs), and Directive-Type Memorandums (DTMs).


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000512-FW-000222 SRG-NET-000512-FW-000222 SRG-NET-000512-FW-000222_rule Medium
Description
If the firewall or device implementing an ACL/rule set does not follow established security guidance, it is likely that it is not adequately secured, which increases the risk. Configuring the firewall or device implementing an ACL to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. Common secure configurations (also referred to as security configuration checklists, lockdown and hardening guides, security reference guides, security technical implementation guides) provide recognized, standardized, and established benchmarks that stipulate secure configuration settings for specific information technology platforms/products and instructions for configuring those information system components to meet operational requirements. Typically, an equipment vendor provides their product on an appliance with an embedded operating system (either a modified version of a common operating system or a proprietary operating system) and other application and/or database code. To minimize risk, a firewall or device implementing an ACL must use a secure or hardened platform and comply with all applicable configuration guidance.
STIG Date
Firewall Security Requirements Guide 2014-07-07

Details

Check Text ( C-SRG-NET-000512-FW-000222_chk )
Review the configuration of the firewall implementation and verify that it is configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance. This may involve interviewing the System Administrators, IAM or personnel designated by the IAM, and the program’s Configuration Management personnel.
Fix Text (F-SRG-NET-000512-FW-000222_fix)
Configure the firewall implementation in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including NSA configuration guides, CTOs, and DTMs. Follow local change management processes when implementing configuration changes.