
The firewall implementation must be configured to send an alert to designated personnel in the event of a logging failure.


Overview

Finding ID: SRG-NET-000088-FW-000055
Version: SRG-NET-000088-FW-000055
Rule ID: SRG-NET-000088-FW-000055_rule
IA Controls:
Severity: Medium

Description
A logging failure occurs when the firewall becomes unable to write events to either local storage or a centralized server. This can happen when the local storage is full and the device is not configured to overwrite the oldest record in the file with the newest (circular buffer), when connectivity to the centralized log server is lost, or when the log process is stopped or hung. Configuring the network device or log server to alert the administrator in the event of a log failure ensures that administrative staff are aware of critical alerts. The firewall, or any component with an Access Control List, must generate an alert that notifies system administrators and other designated personnel of the logging failure. Because system administrators must take action immediately, these messages are assigned level 1 priority/severity.

STIG: Firewall Security Requirements Guide
Date: 2014-07-07

Details

Check Text (C-SRG-NET-000088-FW-000055_chk)
Review the configuration of the firewall implementation. If the device is not configured to send an alert to designated personnel in the event of a logging failure, this is a finding.
Fix Text (F-SRG-NET-000088-FW-000055_fix)
Configure the firewall implementation to send an alert to designated personnel in the event of a logging failure.