Check: SRG-NET-000327-ALG-000077
Application Layer Gateway (ALG) SRG (SRG):
SRG-NET-000327-ALG-000077
(in version v1 r2)
Title
The ALG that is part of a CDS must bind security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement. (Cat II impact)
Discussion
If security attributes are not associated with the information being transmitted between systems, then access control policies and information flows which depend on these security attributes will not function and may also result in the unauthorized release (spillage) of information. Binding techniques implemented by information systems affect the strength of security attribute binding to information. Binding strength and the assurance associated with binding techniques play an important part in the trust organizations have in the information flow enforcement process. The binding techniques affect the number and degree of additional reviews required by organizations. Examples of strong bindings are digital signatures and other cryptographic techniques. Organization-defined binding techniques for binding security attributes to associated information depend on the environment, data, and security boundaries of the specific CDS. Organizations implementing CDS must follow the DoD-required process of testing, baselining, and risk assessment to ensure the rigor and accuracy necessary to rely upon a CDS for cross domain security.
Check Content
If the ALG is not part of a CDS, this is not applicable. Verify the ALG binds security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement. If the ALG does not bind security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement, this is a finding.
Fix Text
If the ALG is part of a CDS, configure the ALG to bind security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement.
Additional Identifiers
Rule ID: SV-68729r1_rule
Vulnerability ID: V-54483
Group Title: SRG-NET-000327-ALG-000077
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-002210 |
The information system binds security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement. |