Check: WNFWA-000025
Microsoft Windows Defender Firewall with Advanced Security STIG:
WNFWA-000025
(in versions v2 r2 through v1 r5)
Title
Windows Defender Firewall with Advanced Security local connection rules must not be merged with Group Policy settings when connected to a public network. (Cat II impact)
Discussion
A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Local connection rules will not be merged with Group Policy settings on a public network to prevent Group Policy settings from being changed.
Check Content
If the system is not a member of a domain, this is NA. If the firewall's Public Profile is not enabled (see V-17417), this requirement is also a finding. Verify the registry value below. If this registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\ Value Name: AllowLocalIPsecPolicyMerge Type: REG_DWORD Value: 0x00000000 (0)
Fix Text
If the system is not a member of a domain, this is NA. Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Windows Defender Firewall with Advanced Security >> Windows Defender Firewall with Advanced Security >> Windows Defender Firewall Properties (this link will be in the right pane) >> Public Profile tab >> Settings (select Customize) >> Rule merging, "Apply local connection security rules:" to "No".
Additional Identifiers
Rule ID: SV-242005r922960_rule
Vulnerability ID: V-242005
Group Title: SRG-OS-000327-GPOS-00127
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001190 |
The information system fails to an organization-defined known-state for organization-defined types of failures. |
Controls
Number | Title |
---|---|
SC-24 |
Fail In Known State |