STIGQter: STIG Summary: Palo Alto Networks ALG Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The Palo Alto Networks security platform must continuously monitor outbound communications traffic crossing internal security boundaries.

DISA Rule

SV-228869r557387_rule

Vulnerability Number

V-228869

Group Title

SRG-NET-000391-ALG-000140

Rule Version

PANW-AG-000116

Severity

CAT II

CCI(s)

• CCI-002662 - The information system monitors outbound communications traffic per organization-defined frequency for unusual or unauthorized activities or conditions.

Weight

10

Fix Recommendation

The network architecture diagrams must identify where traffic crosses from one internal zone to another. The specific security policy is based on the authorized endpoints, applications, and protocols.

To create or edit a Security Policy:
Go to Policies >> Security
Select "Add" to create a new security policy or select the name of the security policy to edit it.
Configure the specific parameters of the policy by completing the required information in the fields of each tab.
Commit changes by selecting "Commit" in the upper-right corner of the screen.
Select "OK" when the confirmation dialog appears.

Check Contents

Obtain the network architecture diagrams and identify where traffic crosses from one internal zone to another and review the configuration of the Palo Alto Networks security platform.

If it does not monitor traffic passing between zones, this is a finding.

Vulnerability Number

V-228869

Documentable

False

Rule Version

PANW-AG-000116

Severity Override Guidance

Obtain the network architecture diagrams and identify where traffic crosses from one internal zone to another and review the configuration of the Palo Alto Networks security platform.

If it does not monitor traffic passing between zones, this is a finding.

Check Content Reference

M

Target Key

4233

Comments