The firewall implementation must make alarm messages identifying a security violation accessible to authorized personnel.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000335-FW-000217	SRG-NET-000335-FW-000217	SRG-NET-000335-FW-000217_rule		Medium

Description
It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was done, and by whom it was done in order to compile an accurate risk assessment. The relevant audit information must be available to administrators. The log records/alerts associated with a security violation must be accessible by authorized personnel so they can readily view them and take appropriate action based on the contents of the alert.

Description

It is essential for security personnel to know what is being done, what was attempted, where it was done, when it was done, and by whom it was done in order to compile an accurate risk assessment. The relevant audit information must be available to administrators. The log records/alerts associated with a security violation must be accessible by authorized personnel so they can readily view them and take appropriate action based on the contents of the alert.

STIG	Date
Firewall Security Requirements Guide	2014-07-07

Details

Check Text ( C-SRG-NET-000335-FW-000217_chk )
Check the file permissions of the log records; if they do not allow System Administrators and other authorized personnel to view them, this is a finding.

Fix Text (F-SRG-NET-000335-FW-000217_fix)
Set the file permissions of log records to allow read access by authorized personnel.