The ALG that is part of a CDS must bind security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-54483	SRG-NET-000327-ALG-000077	SV-68729r1_rule		Medium

Description
If security attributes are not associated with the information being transmitted between systems, then access control policies and information flows which depend on these security attributes will not function and may also result in the unauthorized release (spillage) of information. Binding techniques implemented by information systems affect the strength of security attribute binding to information. Binding strength and the assurance associated with binding techniques play an important part in the trust organizations have in the information flow enforcement process. The binding techniques affect the number and degree of additional reviews required by organizations. Examples of strong bindings are digital signatures and other cryptographic techniques. Organization-defined binding techniques for binding security attributes to associated information depend on the environment, data, and security boundaries of the specific CDS. Organizations implementing CDS must follow the DoD-required process of testing, baselining, and risk assessment to ensure the rigor and accuracy necessary to rely upon a CDS for cross domain security.

Description

If security attributes are not associated with the information being transmitted between systems, then access control policies and information flows which depend on these security attributes will not function and may also result in the unauthorized release (spillage) of information. Binding techniques implemented by information systems affect the strength of security attribute binding to information. Binding strength and the assurance associated with binding techniques play an important part in the trust organizations have in the information flow enforcement process. The binding techniques affect the number and degree of additional reviews required by organizations. Examples of strong bindings are digital signatures and other cryptographic techniques. Organization-defined binding techniques for binding security attributes to associated information depend on the environment, data, and security boundaries of the specific CDS. Organizations implementing CDS must follow the DoD-required process of testing, baselining, and risk assessment to ensure the rigor and accuracy necessary to rely upon a CDS for cross domain security.

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-11-03

Details

Check Text ( C-55099r1_chk )
If the ALG is not part of a CDS, this is not applicable. Verify the ALG binds security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement. If the ALG does not bind security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement, this is a finding.

Fix Text (F-59337r1_fix)
If the ALG is part of a CDS, configure the ALG to bind security attributes to information using organization-defined binding techniques to facilitate information flow policy enforcement.