STIGQter STIGQter: STIG Summary: Firewall Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 26 Jul 2019: The firewall must be configured to send a real-time alert to the ISSO and SA (at a minimum) in the event of an audit processing failure on the firewall itself.

DISA Rule

SV-94155r1_rule

Vulnerability Number

V-79449

Group Title

SRG-NET-000088-FW-000018

Rule Version

SRG-NET-000088-FW-000018

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the firewall (or another network device) to send an alert via instant message, email, or another authorized method to the ISSO, SA, and other identified personnel when an audit processing failure that prevents the device from generating, storing or sending events occurs on the device itself (e.g., a failure of the event daemon).

Check Contents

If a network device such as the events, network management, or SNMP server are configured to send an alert when an audit processing failure occurs, this is not a finding.

Verify the firewall is configured to send an alert via instant message, email, SNMP or another authorized method to the ISSO, SA, and other identified personnel when an audit processing failure occurs.

If the firewall is not configured to send an alert via an approved and immediate method when an audit processing failure occurs, this is a finding.

Vulnerability Number

V-79449

Documentable

False

Rule Version

SRG-NET-000088-FW-000018

Severity Override Guidance

If a network device such as the events, network management, or SNMP server are configured to send an alert when an audit processing failure occurs, this is not a finding.

Verify the firewall is configured to send an alert via instant message, email, SNMP or another authorized method to the ISSO, SA, and other identified personnel when an audit processing failure occurs.

If the firewall is not configured to send an alert via an approved and immediate method when an audit processing failure occurs, this is a finding.

Check Content Reference

M

Target Key

3377

Comments