V-79463
Previous wording: The firewall must fail to a secure state upon the failure of the following: system initialization, shutdown, or system abort.
Revised wording: The firewall must fail to a secure state if the firewall filtering functions fail unexpectedly.
Discussion
Previous wording: Firewalls that fail suddenly and with no incorporated failure state planning may leave the hosting system available but with a reduced security protection. Failure to a known safe state helps prevent systems from failing to a state that may cause loss of data or unauthorized access to system resources. Network elements that fail suddenly and with no incorporated failure state planning may leave the hosting system available but with a reduced security protection capability. Preserving the information system state information also facilitates system restart and return to the operational mode of the organization with less disruption to mission-essential processes.
Revised wording: Firewalls that fail suddenly and with no incorporated failure state planning may leave the hosting system available but with a reduced security protection. Failure to a known safe state helps prevent systems from failing to a state that may cause loss of data or unauthorized access to make changes to the firewall filtering functions.
This applies to the configuration of the gateway or network traffic security function of the device. Abort refers to stopping the firewall filtering function before it has finished naturally. The term abort refers to both requested and unexpected terminations.
Fix Text
Previous wording: Configure the firewall to stop forwarding traffic or maintain the configured security policies upon the failure of the following actions: system initialization, shutdown, or system abort.
Revised wording: Configure the firewall to fail to a secure state if the firewall filtering functions fail unexpectedly.
Check Content
Previous wording: Verify the firewall stops forwarding traffic or maintains the configured security policies upon the failure of the following: system initialization, shutdown, or system abort.
If the firewall does not stop forwarding traffic or maintain the configured security policies upon the failure of system initialization, shutdown, or system abort, this is a finding.
Revised wording: Review the firewall configuration to verify it fails to a secure state if the firewall filtering functions fail unexpectedly.
If the firewall does not fail to a secure state if the firewall filtering functions fail unexpectedly, this is a finding.