UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must validate the integrity of security attributes exchanged between information systems.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000226-FW-000140 SRG-NET-000226-FW-000140 SRG-NET-000226-FW-000140_rule Medium
Description
This control ensures the integrity of security attributes. The firewall implementation must include content inspection and filtering of both the data payload and the metadata (security attributes) associated with the data. This inspection is often performed first by a packet level firewall and then by a separate application firewall (also called a proxy or gateway). It is crucial these attributes are subjected to the same rigorous content filtering as the data payload in order to ensure access control and flow control policies are properly implemented.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text ( C-SRG-NET-000226-FW-000140_chk )
Verify the firewall implementation is configured to provide content inspection and filtering of security attributes associated with information on all outbound and inbound interfaces.

If the firewall implementation does not validate the integrity of security attributes exchanged between information systems, this is a finding.
Fix Text (F-SRG-NET-000226-FW-000140_fix)
Configure the firewall to validate the integrity of security attributes exchanged between information systems.