The firewall must be configured to allow authorized users to record a packet capture based on IP, traffic type (TCP, UDP, or ICMP), or protocol.


Overview

Finding ID: V-206712
Version: SRG-NET-000399-FW-000008
Rule ID: SV-206712r604133_rule
IA Controls: none listed
Severity: Medium
Description
Without the ability to capture, record, and log content related to a user session, investigations into suspicious user activity would be hampered. This configuration ensures the ability to select specific sessions to capture in order to support general auditing/incident investigation or to validate suspected misuse.
STIG: Firewall Security Requirements Guide
Date: 2022-09-12

Details

Check Text (C-6969r297915_chk)
View the documented process for packet capture.

Verify the firewall allows authorized users to perform a packet capture based on IP, traffic type (TCP, UDP, or ICMP), or protocol.

If the firewall is not configured to allow authorized users to capture, record, and log all content related to a user session, this is a finding.
Fix Text (F-6969r297916_fix)
Document a process for authorized users to capture, record, and log all content based on IP, traffic type (TCP, UDP, or ICMP), or protocol.