STIGQter STIGQter: STIG Summary: Firewall Security Requirements Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

If communication with the central audit server is lost, the firewall must generate a real-time alert to, at a minimum, the SCA and ISSO.

DISA Rule

SV-206700r604133_rule

Vulnerability Number

V-206700

Group Title

SRG-NET-000335

Rule Version

SRG-NET-000335-FW-000017

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the firewall (or another network device) to send an alert via instant message, email, or another authorized method to the SCA, ISSO, and other identified personnel for any log failure event where the filtering functions are unable to write events to the central audit server.

Check Contents

If a network device such as the events, network management, or SNMP server is configured to send an alert when communication is lost with the central audit server, this is not a finding.

Verify the firewall is configured to send an alert via instant message, email, SNMP, or another authorized method to the SCA, ISSO, and other identified personnel when communication is lost with the central audit server.

If the firewall is not configured to send an immediate alert via an approved method when communication is lost with the central audit server, this is a finding.

Vulnerability Number

V-206700

Documentable

False

Rule Version

SRG-NET-000335-FW-000017

Severity Override Guidance

If a network device such as the events, network management, or SNMP server is configured to send an alert when communication is lost with the central audit server, this is not a finding.

Verify the firewall is configured to send an alert via instant message, email, SNMP, or another authorized method to the SCA, ISSO, and other identified personnel when communication is lost with the central audit server.

If the firewall is not configured to send an immediate alert via an approved method when communication is lost with the central audit server, this is a finding.

Check Content Reference

M

Target Key

2912

Comments