UCF STIG Viewer Logo

In the event of a system failure of the ALG function, the ALG must save diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-54625 SRG-NET-000236-ALG-000119 SV-68871r1_rule Medium
Description
Failure in a secure state can address safety or security in accordance with the mission needs of the organization. Failure to a secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving state information helps to facilitate the restart of the ALG application and a return to the operational mode with less disruption. This requirement applies to a failure of the ALG function rather than the device or operating system as a whole which is addressed in the Network Device Management SRG. Since it is usually not possible to test this capability in a production environment, systems should either be validated in a testing environment or prior to installation. This requirement is usually a function of the design of the IDPS component. Compliance can be verified by acceptance/validation processes or vendor attestation.
STIG Date
Application Layer Gateway (ALG) Security Requirements Guide (SRG) 2015-06-30

Details

Check Text ( C-55245r2_chk )
Verify the ALG, in the event of a system failure, saves diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted.

If the ALG does not save diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted, this is a finding.
Fix Text (F-59481r1_fix)
Configure the ALG, in the event of a system failure, to save diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted.