STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG that is part of a CDS must enforce information flow control based on organization-defined metadata.

DISA Rule

SV-68735r1_rule

Vulnerability Number

V-54489

Group Title

SRG-NET-000280-ALG-000080

Rule Version

SRG-NET-000280-ALG-000080

Severity

CAT II

CCI(s)

• CCI-000030 - The information system enforces information flow control based on organization-defined metadata.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

If the ALG is part of a CDS, configure inbound or outbound policy filters to enforce traffic flow across the controlled security boundary based on organization-defined metadata.

Check Contents

If the ALG is not part of a CDS, this is not applicable.

Verify that policy filters exist that enforce traffic flow inbound and outbound across the controlled security boundary based on organization-defined metadata.

If the ALG does not control traffic based on organization-defined metadata, this is a finding.

Vulnerability Number

V-54489

Documentable

False

Rule Version

SRG-NET-000280-ALG-000080

Severity Override Guidance

If the ALG is not part of a CDS, this is not applicable.

Verify that policy filters exist that enforce traffic flow inbound and outbound across the controlled security boundary based on organization-defined metadata.

If the ALG does not control traffic based on organization-defined metadata, this is a finding.

Check Content Reference

M

Target Key

2489

Comments