An error occurred:

Check: SRG-NET-000022-ALG-000069

Application Layer Gateway SRG: SRG-NET-000022-ALG-000069 (in versions v2 r2 through v1 r2)

Title

The ALG that is part of a CDS must allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control. (Cat II impact)

Discussion

The use of security policy filters provides protection for the confidentiality of data by restricting the flow of data. The capability to configure policy filters allows the ALG to enforce more granular security policies to meet complex and changing mission needs. Policy filters enforce organizational security policy as it pertains to controlling data flow. Security policy filters can address data structures and content. These filters may include dirty word filters, file type checking filters, structured data filters, unstructured data filters, metadata content filters, and hidden content filters. The cross domain solution must be configured to restrict management access according to the privilege level the user has been granted. Authorization to configure security policies requires the highest privilege level. This control requires the device have the capability for privileged administrators to configure security filters and to reconfigure these policies as needed to support changes in security policy.

Check Content

If the ALG is not part of a CDS, this is not applicable. Verify the ALG allows privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control. If the ALG does not allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control, this is a finding.

Fix Text

If the ALG is part of a CDS, configure the ALG to allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.

Additional Identifiers

Rule ID: SV-204915r987725_rule

Vulnerability ID: V-204915

Group Title: SRG-NET-000022

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000035

Provide the capability for privileged administrators to configure the organization-defined security or privacy policy filters to support different security or privacy policies.
CCI-000366

Implement the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-4(11)

Configuration of Security Policy Filters
CM-6

Configuration Settings