STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG providing user access control intermediary services must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.

DISA Rule

SV-68583r1_rule

Vulnerability Number

V-54337

Group Title

SRG-NET-000053-ALG-000001

Rule Version

SRG-NET-000053-ALG-000001

Severity

CAT II

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

If user access control intermediary services are provided, configure the ALG to limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types.

Check Contents

If the ALG does not provide user access control intermediary services, this is not applicable.

Verify the ALG limits the number of concurrent sessions to an organization-defined number for all accounts and/or account types.

If the ALG does not limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types, this is a finding.

Vulnerability Number

V-54337

Documentable

False

Rule Version

SRG-NET-000053-ALG-000001

Severity Override Guidance

If the ALG does not provide user access control intermediary services, this is not applicable.

Verify the ALG limits the number of concurrent sessions to an organization-defined number for all accounts and/or account types.

If the ALG does not limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types, this is a finding.

Check Content Reference

M

Target Key

2489

Comments