The firewall must be configured to allow the system administrator to select a subset of DoD-required auditable events.

From Firewall Security Requirements Guide

Associated with: CCI-000169

SV-94193r1_rule The firewall must be configured to allow the system administrator to select a subset of DoD-required auditable events.

Vulnerability discussion

The generation of logs with a subset of criteria aide the system administrator, maintainers, and auditors when troubleshooting issues or reviewing the log for trends or security breaches. Traffic log records can be generated from various components within the information system (e.g., network interface, access control list, or filter).The DoD list of auditable events include the logging and audit requirements required by this document and any additional local requirements.

Check content

Obtain a list of required auditable events from the site representative or the System Security Plan (SSP). View the firewall configuration. Verify the firewall allows the system administrator to select a subset of DoD-required auditable events. If the firewall is not configured to allow the system administrator to select a subset of DoD-required events, this is a finding.

Fix text

Configure the firewall audit management functions to allow the authorized system administrator to select from a list of auditable events, to include the firewall's network interfaces, rules, and policies.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.