Check: SRG-NET-000370-ALG-000125
Application Layer Gateway SRG:
SRG-NET-000370-ALG-000125
(in versions v2 r2 through v1 r2)
Title
The ALG must identify and log internal users associated with denied outgoing communications traffic posing a threat to external information systems. (Cat II impact)
Discussion
Without identifying the users who initiated the traffic, it would be difficult to identify those responsible for the denied communications. This requirement applies to those network elements that perform Data Leakage Prevention (DLP) (e.g., ALGs, proxies, or application level firewalls).
Check Content
Verify the ALG identifies and logs internal users associated with denied outgoing communications traffic posing a threat to external information systems. If the ALG does not identify and log internal users associated with denied outgoing communications traffic posing a threat to external information systems, this is a finding.
Fix Text
Configure the ALG to identify and log internal users associated with denied outgoing communications traffic posing a threat to external information systems.
Additional Identifiers
Rule ID: SV-205010r831386_rule
Vulnerability ID: V-205010
Group Title: SRG-NET-000370
CCIs
Number | Definition |
---|---|
CCI-002400 | Audit the identity of internal users associated with denied outgoing communications traffic posing a threat to external systems. |
Controls
Number | Title |
---|---|
SC-7(9) | Restrict Threatening Outgoing Communications Traffic |