UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The ALG that proxies SMTP traffic must inspect inbound and outbound SMTP and Extended SMTP traffic for harmful content.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000512-ALG-000064 SRG-NET-000512-ALG-000064 SRG-NET-000512-ALG-000064_rule Medium
Description
Allowing traffic through the ALG without inspection creates a direct connection between the host in the private network and a host on the outside. This bypasses security measures and places the network and destination endpoint at a greater risk of exploitation. An application layer gateway (also called an email proxy or gateway) must be included in the ALG. This ALG will be configured to inspect inbound and outbound SMTP and Extended SMTP traffic to detect spam, phishing, and malformed message attacks. Additionally, SMTP and Extended SMTP traffic must be inspected for harmful content.
STIG Date
Application Layer Gateway Security Requirements Guide 2014-06-27

Details

Check Text ( C-SRG-NET-000512-ALG-000064_chk )
If the ALG does not proxy SMTP traffic, this is not a finding.

Review the ALG configuration and verify implementation of both inbound and outbound traffic for SMTP and Extended SMTP inspection.
Verify policy filters exist to inspect SMTP and Extended SMTP traffic for spam, phishing attacks and malformed messages.

Verify rules exist to inspect SMTP and Extended SMTP traffic for harmful content.

If the ALG does not inspect inbound and outbound SMTP and Extended SMTP traffic, this is a finding.
Fix Text (F-SRG-NET-000512-ALG-000064_fix)
Configure the ALG for inbound and outbound traffic for SMTP and Extended SMTP inspection.

Inspection must include spam, phishing, and malformed message attacks.

The ALG must also inspect SMTP and Extended SMTP traffic for harmful content.