STIGQter STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015: The ALG providing user authentication intermediary services must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

DISA Rule

SV-68761r1_rule

Vulnerability Number

V-54515

Group Title

SRG-NET-000340-ALG-000091

Rule Version

SRG-NET-000340-ALG-000091

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If user authentication intermediary services are provided, configure the ALG to implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

Check Contents

If the ALG does not provide user authentication intermediary services, this is not applicable.

Verify the ALG implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

If the ALG does not implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access, this is a finding.

Vulnerability Number

V-54515

Documentable

False

Rule Version

SRG-NET-000340-ALG-000091

Severity Override Guidance

If the ALG does not provide user authentication intermediary services, this is not applicable.

Verify the ALG implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

If the ALG does not implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access, this is a finding.

Check Content Reference

M

Target Key

2489

Comments