STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG providing user access control intermediary services must be configured with a pre-established trust relationship and mechanisms with appropriate authorities (e.g., Active Directory or AAA server) which validate user account access authorizations and privileges.

DISA Rule

SV-68753r1_rule

Vulnerability Number

V-54507

Group Title

SRG-NET-000138-ALG-000088

Rule Version

SRG-NET-000138-ALG-000088

Severity

CAT II

CCI(s)

CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

Fix Recommendation

If user access control intermediary services are provided, configure the ALG with a pre-established trust relationship and mechanisms with appropriate authorities which validate each user access authorization and privileges.

Check Contents

If the ALG does not provide user access control intermediary services, this is not applicable.

Verify the ALG is configured with a pre-established trust relationship and mechanisms with appropriate authorities which validate each user access authorization and privileges.

If the ALG is not configured with a pre-established trust relationship and mechanisms with appropriate authorities which validate each user access authorization and privileges, this is a finding.

The ALG providing user access control intermediary services must be configured with a pre-established trust relationship and mechanisms with appropriate authorities (e.g., Active Directory or AAA server) which validate user account access authorizations and privileges.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments