Check: SRG-APP-000249-MAPP-NA
Mobile Application SRG:
SRG-APP-000249-MAPP-NA
(in version v1 r1)
Title
Applications functioning in the capacity of a firewall must check incoming communications to ensure the communications are coming from an authorized source and routed to an authorized destination. (Cat II impact)
Discussion
With regard to boundary controls such as routers and firewalls, examples of restricting and prohibiting communications are: restricting external web traffic only to organizational web servers within managed interfaces, and prohibiting external traffic that appears to be spoofing an internal address as the source.
Rationale for non-applicability: The mobile operating system provides firewall functionality on mobile devices. The requirement for application sandboxing precludes applications from checking the inbound and outbound traffic of other applications. If an application were granted the ability to perform this function, the application could perform a man-in-the-middle attack on other applications running on the device.
Check Content
This requirement is NA for the MAPP SRG.
Fix Text
The requirement is NA. No fix is required.
Additional Identifiers
Rule ID: SV-46940r1_rule
Vulnerability ID: V-35653
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001117 | The information system checks incoming communications to ensure the communications are coming from an authorized source and routed to an authorized destination. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |