The ALG that is part of a CDS must enforce the use of human reviews for organization-defined information flows under organization-defined conditions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000329-ALG-000084	SRG-NET-000329-ALG-000084	SRG-NET-000329-ALG-000084_rule		Medium

Description
Without network element enforcement of human reviews, security policy filters may have false positives and false negatives in marginal situations, which may result in loss of confidentiality or availability. Organizations define security policy filters for all situations where automated flow control decisions are possible. When a fully automated flow control decision is not possible, then a human review may be employed in lieu of, or as a complement to, automated security policy filtering. Human reviews may also be employed as deemed necessary by organizations. The cross domain solution will display the data which requires human review to the authorized reviewer in its native form (i.e., consistent with how it would be displayed by the application that created the data). The system will require a response from the authorized reviewer prior to taking action on the transfer data and then take appropriate actions as indicated by the reviewer (e.g., reject, forward, reply, etc.), but do not allow the reviewer to circumvent any additional filtering mechanisms.

Description

Without network element enforcement of human reviews, security policy filters may have false positives and false negatives in marginal situations, which may result in loss of confidentiality or availability. Organizations define security policy filters for all situations where automated flow control decisions are possible. When a fully automated flow control decision is not possible, then a human review may be employed in lieu of, or as a complement to, automated security policy filtering. Human reviews may also be employed as deemed necessary by organizations. The cross domain solution will display the data which requires human review to the authorized reviewer in its native form (i.e., consistent with how it would be displayed by the application that created the data). The system will require a response from the authorized reviewer prior to taking action on the transfer data and then take appropriate actions as indicated by the reviewer (e.g., reject, forward, reply, etc.), but do not allow the reviewer to circumvent any additional filtering mechanisms.

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-06-27

Details

Check Text ( C-SRG-NET-000329-ALG-000084_chk )
If the ALG is not part of a CDS, this is not a finding. Verify the ALG is configured to enforce the use of human reviews for organization-defined information flows under organization-defined conditions. If the ALG is not configured to enforce the use of human reviews for organization-defined information flows under organization-defined conditions, this is a finding.

Fix Text (F-SRG-NET-000329-ALG-000084_fix)
Configure the ALG to enforce the use of human reviews for organization-defined information flows under organization-defined conditions.