Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The ALG providing authentication proxy connections must accept FICAM-approved third-party credentials.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000348-ALG-0000105 | SRG-NET-000348-ALG-0000105 | SRG-NET-000348-ALG-0000105_rule | Medium |
| Description |
|---|
| Access may be denied to legitimate users if Federal Identity, Credential, and Access Management (FICAM)-approved third-party credentials are not accepted. Third-party credentials are those credentials issued by non-federal government entities approved by the FICAM Trust Framework Solutions initiative. This requirement typically applies to organizational information systems that are accessible to non-federal government agencies and other partners. This allows federal government relying parties to trust such credentials at their approved assurance levels. This requirement only applies to components where this is specific to the function of the device or has the concept of a non-organizational user, (e.g., ALG capability that is the front end for an application in a DMZ). This does not apply to authentication for the purpose of configuring the device itself (i.e., device management). |
| STIG | Date |
|---|---|
| Application Layer Gateway Security Requirements Guide | 2014-06-27 |
Details
| Check Text ( C-SRG-NET-000348-ALG-0000105_chk ) |
|---|
| If the ALG does not provide user authentication proxy services, this is not a finding. Verify the ALG accept FICAM-approved third-party credentials. If the ALG does not accept FICAM-approved third-party credentials, this is a finding. |
| Fix Text (F-SRG-NET-000348-ALG-0000105_fix) |
|---|
| Configure ALG to accept FICAM-approved third-party credentials. |