STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG providing user access control intermediary services must retain the session lock until the user reestablishes access using established identification and authentication procedures.

DISA Rule

SV-70449r1_rule

Vulnerability Number

V-56195

Group Title

SRG-NET-000516-ALG-000516

Rule Version

SRG-NET-000516-ALG-000516

Severity

CAT II

CCI(s)

• CCI-000056 - The information system retains the session lock until the user reestablishes access using established identification and authentication procedures.

Weight

10

Fix Recommendation

If user access control intermediary services are provided, configure the ALG to retain the session lock until the user reestablishes access using established identification and authentication procedures.

Check Contents

If the ALG does not provide user access control intermediary services, this is not applicable.

Verify the ALG retains the session lock until the user reestablishes access using established identification and authentication procedures.

If the ALG does not retain the session lock until the user reestablishes access using established identification and authentication procedures, this is a finding.

Vulnerability Number

V-56195

Documentable

False

Rule Version

SRG-NET-000516-ALG-000516

Severity Override Guidance

If the ALG does not provide user access control intermediary services, this is not applicable.

Verify the ALG retains the session lock until the user reestablishes access using established identification and authentication procedures.

If the ALG does not retain the session lock until the user reestablishes access using established identification and authentication procedures, this is a finding.

Check Content Reference

M

Target Key

2489

Comments