STIGQter: STIG Summary: Palo Alto Networks ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Palo Alto Networks security platform must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

DISA Rule

SV-228840r557387_rule

Vulnerability Number

V-228840

Group Title

SRG-NET-000132-ALG-000087

Rule Version

PANW-AG-000038

Severity

CAT II

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

To configure a security policy:
Go to Policies >> Security
Select "Add".
In the "Security Policy Rule" window, complete the required fields.
In the "General" tab, complete the "Name" and "Description" fields.
In the "Source" tab, complete the "Source Zone" and "Source Address" fields.
In the "User" tab, select "Any" or complete the "Source User" field; this is completed if the policy performs the defined actions based on an individual user or group of users. If using GlobalProtect with Host Information Profile (HIP) enabled, select the "HIP Profiles" check box, and add the HIP Object or HIP Profile.
In the "Destination" tab, complete the "Destination Zone" and "Destination Address" fields.
In the "Applications" tab, select the authorized applications.
In the "Service/URL Category" tab, select application-default. To add a service, select the "Service" check box, select "Add", and select a listed service or add a new service or service group.
In the "Actions" tab, select either "Deny" or "Allow" (as required) as the resulting action. Select the required Log Setting and Profile Settings as necessary.
Commit changes by selecting "Commit" in the upper-right corner of the screen.
Select "OK" when the confirmation dialog appears.

Check Contents

Review the list of authorized applications, endpoints, services, and protocols that has been added to the PPSM database.
Go to Policies >> Security
Review each of the configured security policies in turn.
If any of the policies allows traffic that is prohibited by the PPSM CAL, this is a finding.

Vulnerability Number

V-228840

Documentable

False

Rule Version

PANW-AG-000038

Severity Override Guidance

Review the list of authorized applications, endpoints, services, and protocols that has been added to the PPSM database.
Go to Policies >> Security
Review each of the configured security policies in turn.
If any of the policies allows traffic that is prohibited by the PPSM CAL, this is a finding.

Check Content Reference

M

Target Key

4233

Comments