The ALG must be configured to block, delete, quarantine, and/or alert appropriate individuals in response to malicious code detection.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000249-ALG-000134	SRG-NET-000249-ALG-000134	SRG-NET-000249-ALG-000134_rule		Medium

Description
Malicious code includes, but is not limited to, viruses, worms, Trojan horses, and Spyware. The code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive. Malicious code may also be able to run and attach programs, which may allow the unauthorized distribution of malicious mobile code. Once this code is installed on endpoints within the network, unauthorized users may be able to breach firewalls and gain access to sensitive data. Network elements providing this capability must be capable of being configured to perform actions in response to detected malware. Responses include blocking, quarantining, deleting, and alerting. Other technology- or organization-specific responses may also be employed to satisfy this requirement. This requirement is limited to ALGs, web content filters, and packet inspection firewalls that perform malicious code detection as part of their functionality.

Description

Malicious code includes, but is not limited to, viruses, worms, Trojan horses, and Spyware. The code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive. Malicious code may also be able to run and attach programs, which may allow the unauthorized distribution of malicious mobile code. Once this code is installed on endpoints within the network, unauthorized users may be able to breach firewalls and gain access to sensitive data. Network elements providing this capability must be capable of being configured to perform actions in response to detected malware. Responses include blocking, quarantining, deleting, and alerting. Other technology- or organization-specific responses may also be employed to satisfy this requirement. This requirement is limited to ALGs, web content filters, and packet inspection firewalls that perform malicious code detection as part of their functionality.

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-06-27

Details

Check Text ( C-SRG-NET-000249-ALG-000134_chk )
If the ALG does not perform malicious code detection as part of their functionality, this is not a finding. Verify the ALG blocks, deletes, quarantines, and/or alerts appropriate individuals in response to malicious code detection. If the ALG does not block, delete, quarantine, and/or alert appropriate individuals in response to malicious code detection, this is a finding.

Fix Text (F-SRG-NET-000249-ALG-000134_fix)
Configure the ALG to block, delete, quarantine, and/or alert appropriate individuals in response to malicious code detection.