The ALG that proxies remote access traffic must control remote access methods.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000313-ALG-000010	SRG-NET-000313-ALG-000010	SRG-NET-000313-ALG-000010_rule		Medium

Description
Remote access devices, such as those providing remote access to network devices and information systems, which lack automated control capabilities, increase risk and makes remote user access management difficult at best. Remote access is access to DoD-nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include broadband and wireless connections. Remote access methods include, for example, proxied remote encrypted traffic (e.g., SSL gateways, web content filters, and webmail proxies). This requirement applies to ALGs providing remote access termination as part of its intermediary services. ALGs that proxy remote access must be capable of taking enforcement action if traffic monitoring reveals unauthorized activity.

Description

Remote access devices, such as those providing remote access to network devices and information systems, which lack automated control capabilities, increase risk and makes remote user access management difficult at best. Remote access is access to DoD-nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include broadband and wireless connections. Remote access methods include, for example, proxied remote encrypted traffic (e.g., SSL gateways, web content filters, and webmail proxies). This requirement applies to ALGs providing remote access termination as part of its intermediary services. ALGs that proxy remote access must be capable of taking enforcement action if traffic monitoring reveals unauthorized activity.

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-06-27

Details

Check Text ( C-SRG-NET-000313-ALG-000010_chk )
If the ALG does not proxy remote access traffic, this is not a finding. Verify the ALG is configured to control remote access methods. If the ALG does not control remote access methods, this is a finding.

Fix Text (F-SRG-NET-000313-ALG-000010_fix)
Configure the ALG to control remote access methods.