STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG providing user authentication intermediary services must use multifactor authentication for network access to non-privileged accounts.

DISA Rule

SV-68767r1_rule

Vulnerability Number

V-54521

Group Title

SRG-NET-000140-ALG-000094

Rule Version

SRG-NET-000140-ALG-000094

Severity

CAT II

CCI(s)

• CCI-000766 - The information system implements multifactor authentication for network access to non-privileged accounts.

Weight

10

Fix Recommendation

If user authentication intermediary services are provided, configure the ALG to use multifactor authentication for network access to non-privileged accounts.

Check Contents

If the ALG does not provide user authentication intermediary services, this is not applicable.

Verify the ALG is configured to use multifactor authentication for network access to non-privileged accounts.

If the ALG does not use multifactor authentication for network access to non-privileged accounts, this is a finding.

Vulnerability Number

V-54521

Documentable

False

Rule Version

SRG-NET-000140-ALG-000094

Severity Override Guidance

If the ALG does not provide user authentication intermediary services, this is not applicable.

Verify the ALG is configured to use multifactor authentication for network access to non-privileged accounts.

If the ALG does not use multifactor authentication for network access to non-privileged accounts, this is a finding.

Check Content Reference

M

Target Key

2489

Comments