UCF STIG Viewer Logo

The firewall must generate traffic log entries containing information to establish the outcome of the events, such as, at a minimum, the success or failure of the application of the firewall rule.


Overview

Finding ID Version Rule ID IA Controls Severity
V-206682 SRG-NET-000078-FW-000013 SV-206682r604133_rule Medium
Description
Without information about the outcome of events, security personnel cannot make an accurate assessment as to whether an attack was successful or if changes were made to the security state of the network. Event outcomes can include indicators of event success or failure and event-specific results. They also provide a means to measure the impact of an event and help authorized personnel to determine the appropriate response.
STIG Date
Firewall Security Requirements Guide 2022-09-12

Details

Check Text ( C-6939r297825_chk )
Examine the traffic log configuration on the firewall or view several alert events on the organization's central audit server.

Verify the entries sent to the traffic log include sufficient information to ascertain the outcome of the firewall rules. Verify that, at a minimum, the success or failure of the event is evented.

If the traffic log entries do not include sufficient information to ascertain the outcome of the application of the firewall rules, this is a finding.

If the traffic log entries do not include the success or failure of the application of the firewall rules, this is a finding.
Fix Text (F-6939r297826_fix)
Configure the firewall to generate traffic log entries containing information to establish the outcome of the events, such as, at a minimum, the success or failure of the application of the firewall rule.