The ALG that is part of a CDS, when transferring information between different security domains, must implement organization-defined security policy filters requiring fully enumerated formats that restrict data structure and content.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000283-ALG-000072 | SRG-NET-000283-ALG-000072 | SRG-NET-000283-ALG-000072_rule | Medium |
| Description |
|---|
| Data structure and content restrictions reduce the range of potential malicious and/or unsanctioned content in cross-domain transactions. Security policy filters that restrict data structures include, for example, restricting file sizes and field lengths. Data content policy filters include: 1) Encoding formats for character sets (e.g., Universal Character Set Transformation Formats) 2) American Standard Code for Information Interchange (ASCII) 3) Restricting character data fields to only contain alpha-numeric characters 4) Prohibiting special characters 5) Validating schema structures. |
| STIG | Date |
|---|---|
| Application Layer Gateway Security Requirements Guide | 2014-06-27 |
Details
| Check Text ( C-SRG-NET-000283-ALG-000072_chk ) |
|---|
| If the ALG is not part of a CDS, this is not a finding. Verify the ALG is configured to implement policy filters that constrain data structure and content to organization-defined information security policy requirements when transferring information between different security domains. If the ALG is not configured to implement policy filters that constrain data structure and content to organization-defined information security policy requirements when transferring information between different security domains, this is a finding. |
| Fix Text (F-SRG-NET-000283-ALG-000072_fix) |
|---|
| Configure the ALG to implement policy filters that constrain data structure and content to organization-defined information security policy requirements when transferring information between different security domains. |