The ALG that is part of a CDS must enforce organization-defined one-way information flows using hardware mechanisms.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000032-ALG-000082	SRG-NET-000032-ALG-000082	SRG-NET-000032-ALG-000082_rule		Medium

Description
Information flow control regulates where information is allowed to travel within a network and between interconnected networks. The flow of all network traffic must be monitored and controlled so it does not introduce any unacceptable risk to the network infrastructure or data. For cross domain solutions, use of hardware enforced flow direction is preferable in high risk environments but is not mandatory. Do not enable any connections between security domains beyond the specified one-way flow.

Description

Information flow control regulates where information is allowed to travel within a network and between interconnected networks. The flow of all network traffic must be monitored and controlled so it does not introduce any unacceptable risk to the network infrastructure or data. For cross domain solutions, use of hardware enforced flow direction is preferable in high risk environments but is not mandatory. Do not enable any connections between security domains beyond the specified one-way flow.

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-06-27

Details

Check Text ( C-SRG-NET-000032-ALG-000082_chk )
If the ALG is not part of a CDS, this is not a finding. Verify the ALG is configured to enforce organization-defined one-way information flows using hardware mechanisms. If the ALG is not configured to enforce organization-defined one-way information flows using hardware mechanisms, this is a finding.

Fix Text (F-SRG-NET-000032-ALG-000082_fix)
Configure the ALG to enforce organization-defined one-way information flows using hardware mechanisms.