The information system must monitor and control communications at the external boundary of the information system and at key internal boundaries within the system.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-27055	SRG-APP-NA	SV-34350r1_rule		Medium

Description
Restricting external web traffic only to organizational web servers within managed interfaces and prohibiting external traffic that appears to be spoofing an internal address as the source are examples of restricting and prohibiting communications. The same can be said for the monitoring of the traffic. The information system must monitor and control communications at the external boundary of the information system and at key internal boundaries within the system. This is a boundary control requirement to use firewalls and proxy servers to control communications and is not an application requirement.

Description

Restricting external web traffic only to organizational web servers within managed interfaces and prohibiting external traffic that appears to be spoofing an internal address as the source are examples of restricting and prohibiting communications. The same can be said for the monitoring of the traffic. The information system must monitor and control communications at the external boundary of the information system and at key internal boundaries within the system. This is a boundary control requirement to use firewalls and proxy servers to control communications and is not an application requirement.

STIG	Date
Application Security Requirements Guide	2011-12-28

Details

Check Text ( None )
None

Fix Text (None)
None