The ALG must alert the IAO, IAM, and other individuals designated by the local organization when unauthorized network services are detected.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000385-ALG-000138	SRG-NET-000385-ALG-000138	SRG-NET-000385-ALG-000138_rule		Medium

Description
Unauthorized or unapproved network services lack organizational verification or validation and therefore, may be unreliable or serve as malicious rogues for valid services. Appropriate personnel must be notified when such unauthorized services are detected. Automated mechanisms can be used to send automatic alerts or notifications. Such automatic alerts or notifications can be conveyed in a variety of ways (e.g., telephonically, via electronic mail, via text message, or via websites).

Description

Unauthorized or unapproved network services lack organizational verification or validation and therefore, may be unreliable or serve as malicious rogues for valid services. Appropriate personnel must be notified when such unauthorized services are detected. Automated mechanisms can be used to send automatic alerts or notifications. Such automatic alerts or notifications can be conveyed in a variety of ways (e.g., telephonically, via electronic mail, via text message, or via websites).

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-06-27

Details

Check Text ( C-SRG-NET-000385-ALG-000138_chk )
Verify the ALG alerts the IAO, IAM, and other individuals designated by the local organization when unauthorized network services are detected. If the ALG does not alert the IAO, IAM, and other individuals designated by the local organization when unauthorized network services are detected, this is a finding.

Fix Text (F-SRG-NET-000385-ALG-000138_fix)
Configure the ALG to alert the IAO, IAM, and other individuals designated by the local organization when unauthorized network services are detected.