The ALG providing authentication proxy connections must accept FICAM-approved third-party credentials.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000348-ALG-0000105	SRG-NET-000348-ALG-0000105	SRG-NET-000348-ALG-0000105_rule		Medium

Description
Access may be denied to legitimate users if Federal Identity, Credential, and Access Management (FICAM)-approved third-party credentials are not accepted. Third-party credentials are those credentials issued by non-federal government entities approved by the FICAM Trust Framework Solutions initiative. This requirement typically applies to organizational information systems that are accessible to non-federal government agencies and other partners. This allows federal government relying parties to trust such credentials at their approved assurance levels. This requirement only applies to components where this is specific to the function of the device or has the concept of a non-organizational user, (e.g., ALG capability that is the front end for an application in a DMZ). This does not apply to authentication for the purpose of configuring the device itself (i.e., device management).

Description

Access may be denied to legitimate users if Federal Identity, Credential, and Access Management (FICAM)-approved third-party credentials are not accepted. Third-party credentials are those credentials issued by non-federal government entities approved by the FICAM Trust Framework Solutions initiative. This requirement typically applies to organizational information systems that are accessible to non-federal government agencies and other partners. This allows federal government relying parties to trust such credentials at their approved assurance levels. This requirement only applies to components where this is specific to the function of the device or has the concept of a non-organizational user, (e.g., ALG capability that is the front end for an application in a DMZ). This does not apply to authentication for the purpose of configuring the device itself (i.e., device management).

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-06-27

Details

Check Text ( C-SRG-NET-000348-ALG-0000105_chk )
If the ALG does not provide user authentication proxy services, this is not a finding. Verify the ALG accept FICAM-approved third-party credentials. If the ALG does not accept FICAM-approved third-party credentials, this is a finding.

Fix Text (F-SRG-NET-000348-ALG-0000105_fix)
Configure ALG to accept FICAM-approved third-party credentials.