UCF STIG Viewer Logo

The ALG must only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.


Overview

Finding ID Version Rule ID IA Controls Severity
V-54637 SRG-NET-000364-ALG-000122 SV-68883r1_rule Medium
Description
Unrestricted traffic may contain malicious traffic which poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth and other resources. Access control policies and access control lists implemented on devices that control the flow of network traffic (e.g., application level firewalls and Web content filters), ensure the flow of traffic is only allowed from authorized sources to authorized destinations. Networks with different levels of trust (e.g., the Internet or CDS) must be kept separate.
STIG Date
Application Layer Gateway Security Requirements Guide 2014-11-03

Details

Check Text ( C-55257r1_chk )
Verify the ALG only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

If the ALG allows incoming communications from unauthorized sources routed to unauthorized destinations, this is a finding.
Fix Text (F-59493r1_fix)
Configure the ALG to only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.