STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG that is part of a CDS must enforce dynamic traffic flow control based on organization-defined policies.

DISA Rule

SV-68733r1_rule

Vulnerability Number

V-54487

Group Title

SRG-NET-000029-ALG-000079

Rule Version

SRG-NET-000029-ALG-000079

Severity

CAT II

CCI(s)

• CCI-000027 - The information system enforces dynamic information flow control based on organization-defined policies.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

If the ALG is part of a CDS, configure the ALG to enforce dynamic flow control based on organization-defined policies.

Check Contents

If the ALG is not part of a CDS, this is not applicable.

Verify changes made to the policy filters (e.g., rules sets or content filters) take effect immediately. The change in the filter must be applied to active sessions as well as new sessions without the need for restart of recompiling.

If the ALG does not enforce dynamic traffic flow control based on organization-defined policies, this is a finding.

Vulnerability Number

V-54487

Documentable

False

Rule Version

SRG-NET-000029-ALG-000079

Severity Override Guidance

If the ALG is not part of a CDS, this is not applicable.

Verify changes made to the policy filters (e.g., rules sets or content filters) take effect immediately. The change in the filter must be applied to active sessions as well as new sessions without the need for restart of recompiling.

If the ALG does not enforce dynamic traffic flow control based on organization-defined policies, this is a finding.

Check Content Reference

M

Target Key

2489

Comments