The ALG must enforce approved authorizations for controlling the flow of information between interconnected systems by ensuring organization-defined changes to information flow control policies are immediately used for traffic detection and prevention functions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000019-ALG-000019	SRG-NET-000019-ALG-000019	SRG-NET-000019-ALG-000019_rule		Medium

Description
Information flow policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changing conditions or mission/operational considerations. Changing conditions include, for example, changes in organizational risk tolerance due to changes in the immediacy of mission/business needs, changes in the threat environment, and detection of potentially harmful or adverse events. Changes to the ALG must take effect when made by an authorized administrator and the new configuration is put in place or committed. With some devices, the changes take effect as the configuration is changed, while with others, the new configuration must be submitted to the device. In any case, the behavior of the ALG must immediately be affected to reflect the configuration change. An ALG can terminate an information flow if it detects a potentially harmful or adverse event in that specific data flow. This action must take place immediately when triggered.

Description

Information flow policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changing conditions or mission/operational considerations. Changing conditions include, for example, changes in organizational risk tolerance due to changes in the immediacy of mission/business needs, changes in the threat environment, and detection of potentially harmful or adverse events. Changes to the ALG must take effect when made by an authorized administrator and the new configuration is put in place or committed. With some devices, the changes take effect as the configuration is changed, while with others, the new configuration must be submitted to the device. In any case, the behavior of the ALG must immediately be affected to reflect the configuration change. An ALG can terminate an information flow if it detects a potentially harmful or adverse event in that specific data flow. This action must take place immediately when triggered.

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-06-27

Details

Check Text ( C-SRG-NET-000019-ALG-000019_chk )
Verify configuration changes are saved/committed such that the changes are immediately applied to network traffic monitoring and prevention function. If the ALG does not enforce approved authorizations for controlling the flow of information between interconnected systems by ensuring organization-defined changes to information flow control policies are immediately used for traffic detection and prevention functions, this is a finding.

Check Text ( C-SRG-NET-000019-ALG-000019_chk )

Verify configuration changes are saved/committed such that the changes are immediately applied to network traffic monitoring and prevention function.

If the ALG does not enforce approved authorizations for controlling the flow of information between interconnected systems by ensuring organization-defined changes to information flow control policies are immediately used for traffic detection and prevention functions, this is a finding.

Fix Text (F-SRG-NET-000019-ALG-000019_fix)
Configure the ALG to save/commit configuration changes such that the changes are immediately applied to network traffic monitoring and prevention function.