The ALG that is part of a CDS must allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-54467	SRG-NET-000022-ALG-000069	SV-68713r1_rule		Medium

Description
The use of security policy filters provides protection for the confidentiality of data by restricting the flow of data. The capability to configure policy filters allows the ALG to enforce more granular security policies to meet complex and changing mission needs. Policy filters enforce organizational security policy as it pertains to controlling data flow. Security policy filters can address data structures and content. These filters may include dirty word filters, file type checking filters, structured data filters, unstructured data filters, metadata content filters, and hidden content filters. The cross domain solution must be configured to restrict management access according to the privilege level the user has been granted. Authorization to configure security policies requires the highest privilege level. This control requires the device have the capability for privileged administrators to configure security filters and to reconfigure these policies as needed to support changes in security policy.

Description

The use of security policy filters provides protection for the confidentiality of data by restricting the flow of data. The capability to configure policy filters allows the ALG to enforce more granular security policies to meet complex and changing mission needs. Policy filters enforce organizational security policy as it pertains to controlling data flow. Security policy filters can address data structures and content. These filters may include dirty word filters, file type checking filters, structured data filters, unstructured data filters, metadata content filters, and hidden content filters. The cross domain solution must be configured to restrict management access according to the privilege level the user has been granted. Authorization to configure security policies requires the highest privilege level. This control requires the device have the capability for privileged administrators to configure security filters and to reconfigure these policies as needed to support changes in security policy.

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-11-03

Details

Check Text ( C-55083r1_chk )
If the ALG is not part of a CDS, this is not applicable. Verify the ALG allows privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control. If the ALG does not allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control, this is a finding.

Check Text ( C-55083r1_chk )

If the ALG is not part of a CDS, this is not applicable.

Verify the ALG allows privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.

If the ALG does not allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control, this is a finding.

Fix Text (F-59321r1_fix)
If the ALG is part of a CDS, configure the ALG to allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.