The ALG must prevent the automatic execution of mobile code.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000290-ALG-000111	SRG-NET-000290-ALG-000111	SRG-NET-000290-ALG-000111_rule		Medium

Description
Mobile code can cause damage to the system. It can execute without explicit action from, or notification to, a user. Prevention mechanisms include, for example, changing the extension of mobile code so it is not automatically executed by applications, such as macros. Blocking the download of mobile code meets this requirement. Usage restrictions and implementation guidance apply to both the selection and use of mobile code installed, downloaded, or executed on all endpoints (e.g., servers, workstations, and smart phones).This requirement applies to network elements that have the ability to identify mobile code.

Description

Mobile code can cause damage to the system. It can execute without explicit action from, or notification to, a user. Prevention mechanisms include, for example, changing the extension of mobile code so it is not automatically executed by applications, such as macros. Blocking the download of mobile code meets this requirement. Usage restrictions and implementation guidance apply to both the selection and use of mobile code installed, downloaded, or executed on all endpoints (e.g., servers, workstations, and smart phones).This requirement applies to network elements that have the ability to identify mobile code.

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-06-27

Details

Check Text ( C-SRG-NET-000290-ALG-000111_chk )
If the ALG does not perform content filtering as part of the traffic management functions, this is not a finding. Verify the ALG prevents the automatic execution of mobile code. If the ALG does not prevent the automatic execution of mobile code, this is a finding.

Fix Text (F-SRG-NET-000290-ALG-000111_fix)
Configure the ALG to prevent the automatic execution of mobile code.