STIGQter: STIG Summary: Firewall Security Requirements Guide

Version: 1 Release: 4 Benchmark Date: 26 Jul 2019

In the event of a system failure of the firewall function, the firewall must be configured to save diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted.

DISA Rule

SV-94171r1_rule

Vulnerability Number

V-79465

Group Title

SRG-NET-000236-FW-000027

Rule Version

SRG-NET-000236-FW-000027

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the firewall to fail securely in the event of a transiently corrupt state or failure condition.

When the system restarts, the system boot process must not succeed without passing all self-tests for cryptographic algorithms, RNG tests, and software integrity tests.

Check Contents

View the firewall failover configuration or system documentation.

Verify that in the event of a system failure of the firewall function, the firewall saves diagnostic information, logs system messages, and loads the most current security policies, rules, and signatures. Testing of this functionality in a production environment is not recommended.

If in the event of a system failure of the firewall function the firewall does not save diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted, this is a finding.

Documentable

False

Severity Override Guidance

View the firewall failover configuration or system documentation.

Verify that in the event of a system failure of the firewall function, the firewall saves diagnostic information, logs system messages, and loads the most current security policies, rules, and signatures. Testing of this functionality in a production environment is not recommended.

If in the event of a system failure of the firewall function the firewall does not save diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted, this is a finding.

Check Content Reference

M

Target Key

3377
