STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG providing user authentication intermediary services must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

DISA Rule

SV-68755r1_rule

Vulnerability Number

V-54509

Group Title

SRG-NET-000138-ALG-000063

Rule Version

SRG-NET-000138-ALG-000063

Severity

CAT II

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

If user access control intermediary services are provided, configure the ALG to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

Check Contents

If the ALG does not provide user authentication intermediary services, this is not applicable.

Verify the ALG uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

If the ALG does not uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users), this is a finding.

Vulnerability Number

V-54509

Documentable

False

Rule Version

SRG-NET-000138-ALG-000063

Severity Override Guidance

If the ALG does not provide user authentication intermediary services, this is not applicable.

Verify the ALG uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

If the ALG does not uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users), this is a finding.

Check Content Reference

M

Target Key

2489

Comments