Free DISA STIG and SRG Library | Vaulted

V-206685

The firewall must be configured to use TCP when sending log records to the central audit server.

Finding ID
SRG-NET-000098-FW-000021
Rule ID
SV-206685r604133_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-NET-000098
CCI
CCI-000366
Target Key
(None)
Documentable
No
Discussion

If the default UDP protocol is used for communication between the hosts and devices to the Central Log Server, then log records that do not reach the log server are not detected as a data loss. The use of TCP to transport log records to the log servers improves delivery reliability.

Fix Text

Configure the firewall to use TCP when sending log records to the central audit server.

Check Content

Review the firewall configuration and verify that it is configure to use TCP. If the firewall is not configured to use TCP when sending log records to the central audit server, this is a finding.