STIGQter: STIG Summary: Firewall Security Requirements Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The firewall must generate traffic log entries containing information to establish the location on the network where the events occurred.

DISA Rule

SV-206680r604133_rule

Vulnerability Number

V-206680

Group Title

SRG-NET-000076

Rule Version

SRG-NET-000076-FW-000011

Severity

CAT II

CCI(s)

• CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.

Weight

10

Fix Recommendation

Configure the firewall to ensure entries sent to the traffic log include the location of each event (e.g., network name, network subnet, network segment, or port).

Check Contents

Examine the traffic log configuration on the firewall or view several alert events on the organization's central audit server.

Verify the entries sent to the traffic log include the location of each event (e.g., network name, network subnet, port, or network segment).

If the traffic log entries do not include the event location, this is a finding.

Vulnerability Number

V-206680

Documentable

False

Rule Version

SRG-NET-000076-FW-000011

Severity Override Guidance

Examine the traffic log configuration on the firewall or view several alert events on the organization's central audit server.

Verify the entries sent to the traffic log include the location of each event (e.g., network name, network subnet, port, or network segment).

If the traffic log entries do not include the event location, this is a finding.

Check Content Reference

M

Target Key

2912

Comments