The ALG providing authentication and access intermediary services must provide the capability for authorized users to select a user session to capture or view.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000331-ALG-000041 | SRG-NET-000331-ALG-000041 | SRG-NET-000331-ALG-000041_rule | Medium |
| Description |
|---|
| Without the capability to select a user session to capture/record or view/hear, investigations into suspicious or harmful events would be hampered by the volume of information captured. The volume of information captured may also adversely impact the operation for the network. Session audits may include port mirroring, tracking websites visited, and recording information and/or file transfers. |
| STIG | Date |
|---|---|
| Application Layer Gateway Security Requirements Guide | 2014-06-27 |
Details
| Check Text ( C-SRG-NET-000331-ALG-000041_chk ) |
|---|
| If the ALG does not provide access control and intermediary services, this is not a finding. Verify the ALG generates audit records for all account creations, modifications, disabling, and termination events. If the ALG does not generate audit records for all account creations, modifications, disabling, and termination events, this is a finding. |
| Fix Text (F-SRG-NET-000331-ALG-000041_fix) |
|---|
| Configure the ALG to generate audit records for all account creations, modifications, disabling, and termination events. |