STIGQter: STIG Summary: Application Layer Gateway (ALG) Security Requirements Guide (SRG) Version: 1 Release: 2 Benchmark Date: 24 Jul 2015:

The ALG must generate error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries.

DISA Rule

SV-68895r1_rule

Vulnerability Number

V-54649

Group Title

SRG-NET-000273-ALG-000129

Rule Version

SRG-NET-000273-ALG-000129

Severity

CAT II

CCI(s)

• CCI-001312 - The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

Weight

10

Fix Recommendation

Configure the ALG to generate error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries.

Check Contents

Verify the ALG generates error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries.

If the ALG does not generate error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries, this is a finding.

Vulnerability Number

V-54649

Documentable

False

Rule Version

SRG-NET-000273-ALG-000129

Severity Override Guidance

Verify the ALG generates error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries.

If the ALG does not generate error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries, this is a finding.

Check Content Reference

M

Target Key

2489

Comments