The ALG must enforce approved authorizations for controlling the flow of information between interconnected systems by ensuring organization-defined changes to information flow control policies by ensuring the configuration the device uses when it boots contain the most recent changes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000019-ALG-000020 | SRG-NET-000019-ALG-000020 | SRG-NET-000019-ALG-000020_rule | Medium |
| Description |
|---|
| Information flow policies may require changes in order to meet changing mission needs or ongoing attacks. If changes are made to the ALG but are not saved to the configuration that is loaded upon the next boot up of the device, the network would be vulnerable to previously mitigated risks. |
| STIG | Date |
|---|---|
| Application Layer Gateway Security Requirements Guide | 2014-06-27 |
Details
| Check Text ( C-SRG-NET-000019-ALG-000020_chk ) |
|---|
| Compare the configuration that the device uses when it boots up to verify the most recent changes have been saved. If configuration changes are not saved/committed to the configuration loaded upon boot up of the ALG, this is a finding. |
| Fix Text (F-SRG-NET-000019-ALG-000020_fix) |
|---|
| Configure the ALG to save/commit configuration changes to the configuration loaded upon boot up of the ALG. |