The ALG that is part of a CDS must bind security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000327-ALG-000077 | SRG-NET-000327-ALG-000077 | SRG-NET-000327-ALG-000077_rule | Medium |
| Description |
|---|
| If security attributes are not associated with the information being transmitted between systems, then access control policies and information flows which depend on these security attributes will not function and may also result in the unauthorized release (spillage) of information. Binding techniques implemented by information systems affect the strength of security attribute binding to information. Binding strength and the assurance associated with binding techniques play an important part in the trust organizations have in the information flow enforcement process. The binding techniques affect the number and degree of additional reviews required by organizations. Examples of strong bindings are digital signatures and other cryptographic techniques. |
| STIG | Date |
|---|---|
| Application Layer Gateway Security Requirements Guide | 2014-06-27 |
Details
| Check Text ( C-SRG-NET-000327-ALG-000077_chk ) |
|---|
| If the ALG is not part of a CDS, this is not a finding. Verify the ALG binds security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement. If the ALG does not bind security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement, this is a finding. |
| Fix Text (F-SRG-NET-000327-ALG-000077_fix) |
|---|
| Configure the ALG to bind security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement. |