The ALG that is part of a CDS, when transferring information between different security domains, must apply the same security policy filtering to metadata as it applies to data payloads.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000328-ALG-000078	SRG-NET-000328-ALG-000078	SRG-NET-000328-ALG-000078_rule		Medium

Description
Subjecting metadata to the same filtering and inspection policies as payload data avoids the potential for data compromise through covert channels and the bypass of security policy filtering.

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-06-27

Details

Check Text ( C-SRG-NET-000328-ALG-000078_chk )
If the ALG is not part of a CDS, this is not a finding. Verify the ALG is configured to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains. If the ALG is not configured to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains, this is a finding.

Check Text ( C-SRG-NET-000328-ALG-000078_chk )

If the ALG is not part of a CDS, this is not a finding.

Verify the ALG is configured to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains.

If the ALG is not configured to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains, this is a finding.

Fix Text (F-SRG-NET-000328-ALG-000078_fix)
Configure the ALG to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains.