STIGQter: STIG Summary: Firewall Security Requirements Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The firewall must protect the traffic log from unauthorized modification of local log records.

DISA Rule

SV-206687r604133_rule

Vulnerability Number

V-206687

Group Title

SRG-NET-000099

Rule Version

SRG-NET-000099-FW-000161

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Validate the firewall includes a baseline cryptographic module that provides confidentiality and integrity services for authentication and for protecting communications with adjacent systems.

Configure role-based, fine-grained permissions management for controlling commands needed to modify log records.

Check Contents

Verify the firewall's fine-grained permissions are configured to prevent unauthorized modification of local log records.

If the firewall does not protect traffic log records from unauthorized modification while stored locally, this is a finding.

Documentable

False

Severity Override Guidance

Verify the firewall's fine-grained permissions are configured to prevent unauthorized modification of local log records.

If the firewall does not protect traffic log records from unauthorized modification while stored locally, this is a finding.

Check Content Reference

M

Target Key

2912
