STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG that is part of a CDS must allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.

DISA Rule

SV-68713r1_rule

Vulnerability Number

V-54467

Group Title

SRG-NET-000022-ALG-000069

Rule Version

SRG-NET-000022-ALG-000069

Severity

CAT II

CCI(s)

• CCI-000035 - The information system provides the capability for privileged administrators to configure the organization-defined security policy filters to support different security policies.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

If the ALG is part of a CDS, configure the ALG to allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.

Check Contents

If the ALG is not part of a CDS, this is not applicable.

Verify the ALG allows privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.

If the ALG does not allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control, this is a finding.

Vulnerability Number

V-54467

Documentable

False

Rule Version

SRG-NET-000022-ALG-000069

Severity Override Guidance

If the ALG is not part of a CDS, this is not applicable.

Verify the ALG allows privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.

If the ALG does not allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control, this is a finding.

Check Content Reference

M

Target Key

2489

Comments