
The firewall implementation must maintain a current configuration that enforces dynamic information flow control based on organization-defined policies.


Overview

Finding ID: SRG-NET-000019-FW-000208
Version: SRG-NET-000019-FW-000208
Rule ID: SRG-NET-000019-FW-000208_rule
IA Controls:
Severity: Medium
Description
If configuration changes are not saved, the firewall implementation will revert to a possibly insecure configuration when it reboots; it is therefore imperative that the most recent configuration be saved to non-volatile memory. Some devices save the configuration to non-volatile memory when it is committed, while others require a separate step to save the active configuration to non-volatile memory.
STIG: Firewall Security Requirements Guide
Date: 2014-07-07

Details

Check Text (C-SRG-NET-000019-FW-000208_chk)
Verify that configuration changes have been saved/committed and have taken effect. If they have not, this is a finding. Compare the configuration that the device uses when it boots to the configuration in effect after its most recent change; if they are different, this is a finding.
Fix Text (F-SRG-NET-000019-FW-000208_fix)
Configuration changes must take effect as they are made or committed. Save/commit the configuration when or immediately after making changes.
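One way to automate the comparison in the Check Text, as an added example that is not part of the SRG: it diffs a text export of the boot (saved) configuration against the active configuration in order, since firewall rule order is significant. The comment prefixes, the function names and the sample configurations in a made-up generic syntax are assumptions constructed for illustration.

```python
import difflib

# Assumption: lines starting with these markers are comments or export
# banners that differ between dumps without changing device behaviour.
COMMENT_PREFIXES = ("!", "#")


def normalize(config_text):
    """Return the behaviour-relevant lines in their original order."""
    lines = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith(COMMENT_PREFIXES):
            continue
        lines.append(line)
    return lines


def config_drift(startup_text, running_text):
    """Unified-diff lines between saved and active config; empty = no drift."""
    return list(difflib.unified_diff(
        normalize(startup_text), normalize(running_text),
        fromfile="startup", tofile="running", lineterm="", n=0))


def is_finding(startup_text, running_text):
    """True when the boot configuration differs from the one in effect."""
    return bool(config_drift(startup_text, running_text))


# Constructed sample exports (generic syntax, documentation addresses).
STARTUP = """\
! saved 2014-07-01
policy 10 permit tcp any host 192.0.2.10 eq 443
policy 20 deny ip any any log
"""
RUNNING = """\
! active configuration
policy 10 permit tcp any host 192.0.2.10 eq 443
policy 15 permit tcp any host 192.0.2.20 eq 22
policy 20 deny ip any any log
"""

if __name__ == "__main__":
    for diff_line in config_drift(STARTUP, RUNNING):
        print(diff_line)
    print("FINDING" if is_finding(STARTUP, RUNNING) else "not a finding")
```

Here the unsaved `policy 15` rule would be lost on reboot, so the comparison reports a finding until the configuration is saved.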