Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-206712 | SRG-NET-000399-FW-000008 | SV-206712r604133_rule | Medium |
Description |
---|
Without the ability to capture, record, and log content related to a user session, investigations into suspicious user activity would be hampered. This configuration ensures the ability to select specific sessions to capture in order to support general auditing/incident investigation or to validate suspected misuse. |
STIG | Date |
---|---|
Firewall Security Requirements Guide | 2022-09-12 |
Check Text ( C-6969r297915_chk ) |
---|
View the documented process for packet capture. Verify the firewall allows authorized users to perform a packet capture based on IP, traffic type (TCP, UDP, or ICMP), or protocol. If the firewall is not configured to allow authorized users to capture, record, and log all content related to a user session, this is a finding. |
Fix Text (F-6969r297916_fix) |
---|
Document a process for authorized users to capture, record, and log all content based on IP, traffic type (TCP, UDP, or ICMP), or protocol. |