CASA-FW-000020 - The Cisco ASA must immediately use updates made to policy enforcement mechanisms such as firewall rules, security policies, and security zones.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Information flow policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changes to the Ports, Protocols, Services Management (PPSM) Category Assurance Levels (CAL) list, vulnerability assessments, or mission conditions. Changing conditions include changes in the threat environment and detection of potentially harmful or adverse events.

Solution

Remove the command asp rule-engine transactional-commit access-group

ASA(config)# no asp rule-engine transactional-commit access-group

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_ASA_Y23M01_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001414, Rule-ID|SV-239853r665845_rule, STIG-ID|CASA-FW-000020, Vuln-ID|V-239853

Plugin: Cisco

Control ID: 309af66c75a2ebfd8b876f874bb9cf8c15ad6a24a74486b81d772c3ea8926fe2