Check: SRG-APP-000253-MAPP-NA
Mobile Application SRG:
SRG-APP-000253-MAPP-NA
(in version v1 r1)
Title
Applications designed to enforce protocol formats must employ automated mechanisms to enforce strict adherence to protocol format. (Cat II impact)
Discussion
Automated mechanisms used to enforce protocol formats include deep packet inspection firewalls and XML gateways. These devices verify adherence to the protocol specification (e.g., IEEE) at the application layer and serve to identify significant vulnerabilities that cannot be detected by devices operating at the network or transport layer. It is impractical to expect protocol format inspection to be conducted manually.

Rationale for non-applicability: Mobile applications often employ communications protocols, but they do not enforce protocol formats for other applications. The requirement for application sandboxing precludes applications from serving as a security boundary for other applications. If an application were granted the ability to perform this function, the application could perform a man-in-the-middle attack on other applications running on the device.
Check Content
This requirement is NA for the MAPP SRG.
Fix Text
The requirement is NA. No fix is required.
Additional Identifiers
Rule ID: SV-46959r1_rule
Vulnerability ID: V-35672
Group Title:
Expert Comments
CCIs
Number | Definition
---|---
CCI-001125 | The information system enforces adherence to protocol format.
Controls
Number | Title
---|---
SC-7 (17) | Automated Enforcement Of Protocol Formats