STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG providing user authentication intermediary services must transmit only encrypted representations of passwords.

DISA Rule

SV-68771r1_rule

Vulnerability Number

V-54525

Group Title

SRG-NET-000400-ALG-000097

Rule Version

SRG-NET-000400-ALG-000097

Severity

CAT II

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

10

Fix Recommendation

If user authentication intermediary services are provided, configure the ALG to transmit only encrypted representations of passwords.

Check Contents

If the ALG does not provide user authentication intermediary services, this is not applicable.

Verify the ALG transmits only encrypted representations of passwords.

If the ALG does not transmit only encrypted representations of passwords, this is a finding.

Vulnerability Number

V-54525

Documentable

False

Rule Version

SRG-NET-000400-ALG-000097

Severity Override Guidance

If the ALG does not provide user authentication intermediary services, this is not applicable.

Verify the ALG transmits only encrypted representations of passwords.

If the ALG does not transmit only encrypted representations of passwords, this is a finding.

Check Content Reference

M

Target Key

2489

Comments