STIGQter: STIG Summary: Palo Alto Networks ALG Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

The Palo Alto Networks security platform must only allow incoming communications from organization-defined authorized sources forwarded to organization-defined authorized destinations.

DISA Rule

SV-228862r557387_rule

Vulnerability Number

V-228862

Group Title

SRG-NET-000364-ALG-000122

Rule Version

PANW-AG-000107

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To create or edit a Security Policy:
Go to Policies >> Security
Select "Add" to create a new security policy, or select the name of the security policy to edit it.
Configure the specific parameters of the policy by completing the required information in the fields of each tab.
Commit changes by selecting "Commit" in the upper-right corner of the screen.
Select "OK" when the confirmation dialog appears.

Check Contents

Obtain and review the list of authorized sources and destinations. This is usually part of the System Design Specification or Accreditation Package.
Go to Policies >> Security; review each of the configured security policies in turn.
If any of the policies allows traffic that is not part of the authorized sources and destinations list, this is a finding.
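The review described above can be scripted against an exported rulebase. The following is an added example, not part of the STIG or of any Palo Alto Networks tooling. It assumes the rules are available as XML in the `entry`/`source`/`destination`/`member`/`action` layout of a PAN-OS configuration export; the sample rulebase, the authorized lists and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a PAN-OS security rulebase export.
SAMPLE_RULEBASE = """
<rules>
  <entry name="web-in"><source><member>203.0.113.0/24</member></source>
    <destination><member>10.10.5.20</member></destination><action>allow</action></entry>
  <entry name="legacy-any"><source><member>any</member></source>
    <destination><member>10.10.5.20</member></destination><action>allow</action></entry>
  <entry name="partner-wide"><source><member>198.51.100.7</member></source>
    <destination><member>10.10.0.0/16</member></destination><action>allow</action></entry>
  <entry name="block-rest"><source><member>any</member></source>
    <destination><member>any</member></destination><action>deny</action></entry>
</rules>
"""
# Constructed authorized lists (stand-in for the System Design Specification).
AUTH_SOURCES = ["203.0.113.0/24", "198.51.100.7"]
AUTH_DESTINATIONS = ["10.10.5.0/24"]

def covered(member, authorized):
    """True if member (IP or CIDR) lies wholly inside an authorized network."""
    try:
        net = ipaddress.ip_network(member, strict=False)
    except ValueError:
        return member in authorized  # "any" or an object name: exact match only
    for item in authorized:
        try:
            auth = ipaddress.ip_network(item, strict=False)
        except ValueError:
            continue  # authorized entry is a name, not an address
        if net.version == auth.version and net.subnet_of(auth):
            return True
    return False

def find_findings(xml_text, auth_src, auth_dst):
    """Return (rule, field, value) for every allow rule member outside the lists."""
    findings = []
    for rule in ET.fromstring(xml_text).iter("entry"):
        if rule.findtext("action") != "allow" or rule.findtext("disabled") == "yes":
            continue  # only enabled allow rules can pass unauthorized traffic
        for field, authorized in (("source", auth_src), ("destination", auth_dst)):
            for member in rule.findall(f"{field}/member"):
                value = member.text.strip()
                if not covered(value, authorized):
                    findings.append((rule.get("name"), field, value))
    return findings

if __name__ == "__main__":
    for name, field, value in find_findings(SAMPLE_RULEBASE, AUTH_SOURCES, AUTH_DESTINATIONS):
        print(f"FINDING rule={name} {field}={value}")
```

Address object and group names are compared by name only, so resolve them to their addresses before relying on a clean result.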

Documentable

False

Severity Override Guidance

Obtain and review the list of authorized sources and destinations. This is usually part of the System Design Specification or Accreditation Package.
Go to Policies >> Security; review each of the configured security policies in turn.
If any of the policies allows traffic that is not part of the authorized sources and destinations list, this is a finding.

Check Content Reference

M

Target Key

4233

Comments