The application server must employ automated mechanisms to enforce strict adherence to protocol format.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35663	SRG-APP-000253-AS-NA	SV-46950r1_rule		Medium

Description
Automated mechanisms used to enforce protocol formats include, deep packet inspection firewalls and XML gateways. These devices verify adherence to the protocol specification (e.g., IEEE) at the application layer and serve to identify significant vulnerabilities that cannot be detected by devices operating at the network or transport layer. It is impractical to expect protocol format inspection to be conducted manually. This requirement is NA. This task is for an XML gateway or application firewall, application servers are not expected to provide this level of functionality.

Description

Automated mechanisms used to enforce protocol formats include, deep packet inspection firewalls and XML gateways. These devices verify adherence to the protocol specification (e.g., IEEE) at the application layer and serve to identify significant vulnerabilities that cannot be detected by devices operating at the network or transport layer. It is impractical to expect protocol format inspection to be conducted manually. This requirement is NA. This task is for an XML gateway or application firewall, application servers are not expected to provide this level of functionality.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-44005r1_chk )
This requirement is NA for the AS SRG.

Fix Text (F-40205r1_fix)
The requirement is NA. No fix is required.