The firewall implementation must not enable the service or feature that automatically contacts the vendor.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000131-FW-000223 | SRG-NET-000131-FW-000223 | SRG-NET-000131-FW-000223_rule | Medium |
| Description |
|---|
| "Call home" services or features will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. However, using this capability introduces the risk of transmission of sensitive data to unauthorized persons. The call home capability may not exist on a specific device and is rarely enabled by default. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2014-07-07 |
Details
| Check Text ( C-SRG-NET-000131-FW-000223_chk ) |
|---|
| Review the configuration of the firewall implementation. Verify the call home service or feature is disabled on the device. This may be a capability that is not enabled by default. If it is enabled, this is a finding. |
| Fix Text (F-SRG-NET-000131-FW-000223_fix) |
|---|
| Configure the network device to disable the call home service or feature. This may be a capability that is not enabled by default; if it is not, do not enable it. |