STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).

DISA Rule

SV-68887r1_rule

Vulnerability Number

V-54641

Group Title

SRG-NET-000202-ALG-000124

Rule Version

SRG-NET-000202-ALG-000124

Severity

CAT II

CCI(s)

• CCI-001109 - The information system at managed interfaces denies network communications traffic by default and allows network communications traffic by exception (i.e., deny all, permit by exception).

Weight

10

Fix Recommendation

Configure the ALG to deny network communications traffic by default and allow network communications traffic by exception on both inbound and outbound interfaces.

Check Contents

Verify the ALG denies network communications traffic by default and allows network communications traffic by exception on both inbound and outbound interfaces.

If the ALG does not deny network communications traffic by default and allow network communications traffic by exception on both inbound and outbound interfaces, this is a finding.

Vulnerability Number

V-54641

Documentable

False

Rule Version

SRG-NET-000202-ALG-000124

Severity Override Guidance

Verify the ALG denies network communications traffic by default and allows network communications traffic by exception on both inbound and outbound interfaces.

If the ALG does not deny network communications traffic by default and allow network communications traffic by exception on both inbound and outbound interfaces, this is a finding.

Check Content Reference

M

Target Key

2489

Comments