STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG that is part of a CDS must block the transfer of data with malformed security attribute metadata structures.

DISA Rule

SV-68737r1_rule

Vulnerability Number

V-54491

Group Title

SRG-NET-000280-ALG-000081

Rule Version

SRG-NET-000280-ALG-000081

Severity

CAT II

CCI(s)

• CCI-000030 - The information system enforces information flow control based on organization-defined metadata.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

If the ALG is part of a CDS, configure the ALG to block the transfer of data with malformed security attribute metadata structures.

Check Contents

If the ALG is not part of a CDS, this is not applicable.

Verify the ALG is configured to block the transfer of data with malformed security attribute metadata structures.

If the ALG is not configured to block the transfer of data with malformed security attribute metadata structures, this is a finding.

Vulnerability Number

V-54491

Documentable

False

Rule Version

SRG-NET-000280-ALG-000081

Severity Override Guidance

If the ALG is not part of a CDS, this is not applicable.

Verify the ALG is configured to block the transfer of data with malformed security attribute metadata structures.

If the ALG is not configured to block the transfer of data with malformed security attribute metadata structures, this is a finding.

Check Content Reference

M

Target Key

2489

Comments