Windows Firewall with Advanced Security Security Technical Implementation Guide
V001.007R1 2018-07-27       U_Windows_Firewall_V1R7_STIG_SCAP_1-2_Benchmark.xml
The Windows Firewall with Advanced Security Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]
Vuln | Rule Version | CCI | Severity | Title | Description
SV-54833r2_rule | WNFWA-000001 | CCI-001414 | MEDIUM | The Windows Firewall with Advanced Security must be enabled when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. This setting enables the firewall when connected to the domain.
SV-54849r2_rule | WNFWA-000002 | CCI-001414 | MEDIUM | The Windows Firewall with Advanced Security must be enabled when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. This setting enables the firewall when connected to a private network.
SV-54855r2_rule | WNFWA-000003 | CCI-001414 | MEDIUM | The Windows Firewall with Advanced Security must be enabled when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. This setting enables the firewall when connected to a public network.
SV-54859r3_rule | WNFWA-000004 | CCI-000382 | HIGH | The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Unsolicited inbound connections may be malicious attempts to gain access to a system. Unsolicited inbound connections, for which there is no rule allowing the connection, will be blocked in the domain.
SV-54863r3_rule | WNFWA-000005 | CCI-001094 | MEDIUM | The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Outbound connections are allowed in the domain, unless a rule explicitly blocks the connection. This allows normal outbound communication, which could be restricted as necessary with additional rules.
SV-54874r3_rule | WNFWA-000009 | CCI-000140 | LOW | The Windows Firewall with Advanced Security log size must be configured for domain connections. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The firewall log file size for a domain connection will be set to ensure enough capacity is allocated for audit data.
SV-54877r3_rule | WNFWA-000010 | CCI-000172 | LOW | The Windows Firewall with Advanced Security must log dropped packets when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of dropped packets for a domain connection will be enabled to maintain an audit trail of potential issues.
SV-54878r3_rule | WNFWA-000011 | CCI-001462 | LOW | The Windows Firewall with Advanced Security must log successful connections when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of successful connections for a domain connection will be enabled to maintain an audit trail if issues are discovered.
SV-54879r3_rule | WNFWA-000012 | CCI-000382 | HIGH | The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Unsolicited inbound connections may be malicious attempts to gain access to a system. Unsolicited inbound connections, for which there is no rule allowing the connection, will be blocked on a private network.
SV-54890r3_rule | WNFWA-000013 | CCI-001094 | MEDIUM | The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Outbound connections are allowed on a private network, unless a rule explicitly blocks the connection. This allows normal outbound communication, which could be restricted as necessary with additional rules.
SV-54903r3_rule | WNFWA-000017 | CCI-000140 | LOW | The Windows Firewall with Advanced Security log size must be configured for private network connections. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The firewall log file size for a private connection will be set to ensure enough capacity is allocated for audit data.
SV-54904r3_rule | WNFWA-000018 | CCI-000172 | LOW | The Windows Firewall with Advanced Security must log dropped packets when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of dropped packets for a private network connection will be enabled to maintain an audit trail of potential issues.
SV-54905r3_rule | WNFWA-000019 | CCI-001462 | LOW | The Windows Firewall with Advanced Security must log successful connections when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of successful connections for a private network connection will be enabled to maintain an audit trail if issues are discovered.
SV-54906r3_rule | WNFWA-000020 | CCI-000382 | HIGH | The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Unsolicited inbound connections may be malicious attempts to gain access to a system. Unsolicited inbound connections, for which there is no rule allowing the connection, will be blocked on a public network.
SV-54908r3_rule | WNFWA-000021 | CCI-001094 | MEDIUM | The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Outbound connections are allowed on a public network, unless a rule explicitly blocks the connection. This allows normal outbound communication, which could be restricted as necessary with additional rules.
SV-54917r3_rule | WNFWA-000024 | CCI-001190 | MEDIUM | The Windows Firewall with Advanced Security local firewall rules must not be merged with Group Policy settings when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Local firewall rules will not be merged with Group Policy settings on a public network to prevent Group Policy settings from being changed.
SV-54918r3_rule | WNFWA-000025 | CCI-001190 | MEDIUM | The Windows Firewall with Advanced Security local connection rules must not be merged with Group Policy settings when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Local connection rules will not be merged with Group Policy settings on a public network to prevent Group Policy settings from being changed.
SV-54921r3_rule | WNFWA-000027 | CCI-000140 | LOW | The Windows Firewall with Advanced Security log size must be configured for public network connections. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The firewall log file size for a public network connection will be set to ensure enough capacity is allocated for audit data.
SV-54922r3_rule | WNFWA-000028 | CCI-000172 | LOW | The Windows Firewall with Advanced Security must log dropped packets when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of dropped packets for a public network connection will be enabled to maintain an audit trail of potential issues.
SV-54923r3_rule | WNFWA-000029 | CCI-001462 | LOW | The Windows Firewall with Advanced Security must log successful connections when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of successful connections for a public network connection will be enabled to maintain an audit trail if issues are discovered.