The firewall must generate traffic log entries containing information to establish the outcome of the events, such as, at a minimum, the success or failure of the application of the firewall rule.

STIG ID: SRG-NET-000078-FW-000013  |  SRG: SRG-NET-000078 |  Severity: medium |  CCI: CCI-000134 |  Vulnerability Id: V-206682 | 

Vulnerability Discussion

Without information about the outcome of events, security personnel cannot make an accurate assessment as to whether an attack was successful or if changes were made to the security state of the network.

Event outcomes can include indicators of event success or failure and event-specific results. They also provide a means to measure the impact of an event and help authorized personnel to determine the appropriate response.

Check

Examine the traffic log configuration on the firewall or view several alert events on the organization's central audit server.

Verify the entries sent to the traffic log include sufficient information to ascertain the outcome of the firewall rules. Verify that, at a minimum, the success or failure of the event is evented.

If the traffic log entries do not include sufficient information to ascertain the outcome of the application of the firewall rules, this is a finding.

If the traffic log entries do not include the success or failure of the application of the firewall rules, this is a finding.

Fix

Configure the firewall to generate traffic log entries containing information to establish the outcome of the events, such as, at a minimum, the success or failure of the application of the firewall rule.