STIGQter: STIG Summary: Firewall Security Requirements Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The firewall must generate traffic log entries containing information to establish the source of the events, such as the source IP address at a minimum.

DISA Rule

SV-206681r604133_rule

Vulnerability Number

V-206681

Group Title

SRG-NET-000077

Rule Version

SRG-NET-000077-FW-000012

Severity

CAT III

CCI(s)

• CCI-000133 - The information system generates audit records containing information that establishes the source of the event.

Weight

10

Fix Recommendation

Configure the firewall implementation to ensure entries sent to the traffic log include sufficient information to ascertain the source of each event (e.g., IP address, session, or packet ID).

Check Contents

Examine the traffic log configuration on the firewall or view several alert events on the organization's central audit server.

Verify the entries sent to the traffic log include sufficient information to ascertain the source of the events (e.g., IP address, session, or packet ID).

If the traffic log entries do not include sufficient information to ascertain the source of the events, this is a finding.

Vulnerability Number

V-206681

Documentable

False

Rule Version

SRG-NET-000077-FW-000012

Severity Override Guidance

Examine the traffic log configuration on the firewall or view several alert events on the organization's central audit server.

Verify the entries sent to the traffic log include sufficient information to ascertain the source of the events (e.g., IP address, session, or packet ID).

If the traffic log entries do not include sufficient information to ascertain the source of the events, this is a finding.

Check Content Reference

M

Target Key

2912

Comments