The ALG must be configured to block, delete, quarantine, and/or alert appropriate individuals in response to malicious code detection.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000249-ALG-000134 | SRG-NET-000249-ALG-000134 | SRG-NET-000249-ALG-000134_rule | Medium |
| Description |
|---|
| Malicious code includes, but is not limited to, viruses, worms, Trojan horses, and Spyware. The code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive. Malicious code may also be able to run and attach programs, which may allow the unauthorized distribution of malicious mobile code. Once this code is installed on endpoints within the network, unauthorized users may be able to breach firewalls and gain access to sensitive data. Network elements providing this capability must be capable of being configured to perform actions in response to detected malware. Responses include blocking, quarantining, deleting, and alerting. Other technology- or organization-specific responses may also be employed to satisfy this requirement. This requirement is limited to ALGs, web content filters, and packet inspection firewalls that perform malicious code detection as part of their functionality. |
| STIG | Date |
|---|---|
| Application Layer Gateway Security Requirements Guide | 2014-06-27 |
Details
| Check Text ( C-SRG-NET-000249-ALG-000134_chk ) |
|---|
| If the ALG does not perform malicious code detection as part of their functionality, this is not a finding. Verify the ALG blocks, deletes, quarantines, and/or alerts appropriate individuals in response to malicious code detection. If the ALG does not block, delete, quarantine, and/or alert appropriate individuals in response to malicious code detection, this is a finding. |
| Fix Text (F-SRG-NET-000249-ALG-000134_fix) |
|---|
| Configure the ALG to block, delete, quarantine, and/or alert appropriate individuals in response to malicious code detection. |