STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG providing user access control intermediary services for publicly accessible applications must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system.

DISA Rule

SV-68639r1_rule

Vulnerability Number

V-54393

Group Title

SRG-NET-000043-ALG-000024

Rule Version

SRG-NET-000043-ALG-000024

Severity

CAT II

CCI(s)

• CCI-001384 - The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access.
• CCI-001385 - The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities.
• CCI-001386 - The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities.
• CCI-001387 - The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.
• CCI-001388 - The information system, for publicly accessible systems, includes a description of the authorized uses of the system.

Weight

10

Fix Recommendation

If user access control intermediary services are provided, configure the ALG to display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system.

Check Contents

If the ALG does not provide user access control intermediary services, this is not applicable.

Verify the ALG displays the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system.

If the ALG does not display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system, this is a finding.

Vulnerability Number

V-54393

Documentable

False

Rule Version

SRG-NET-000043-ALG-000024

Severity Override Guidance

If the ALG does not provide user access control intermediary services, this is not applicable.

Verify the ALG displays the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system.

If the ALG does not display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system, this is a finding.

Check Content Reference

M

Target Key

2489

Comments