
The firewall implementation must validate the integrity of security attributes exchanged between information systems.


Overview

Finding ID: SRG-NET-000226-FW-000140
Version: SRG-NET-000226-FW-000140
Rule ID: SRG-NET-000226-FW-000140_rule
IA Controls:
Severity: Medium
Description
This control ensures the integrity of security attributes. The firewall implementation must include content inspection and filtering of both the data payload and the metadata (security attributes) associated with the data. This inspection is often performed first by a packet-level firewall and then by a separate application firewall (also called a proxy or gateway). It is crucial that these attributes are subjected to the same rigorous content filtering as the data payload, so that access control and flow control policies are properly implemented.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text (C-SRG-NET-000226-FW-000140_chk)
Verify the firewall implementation is configured to provide content inspection and filtering of security attributes associated with information on all outbound and inbound interfaces.

If the firewall implementation does not validate the integrity of security attributes exchanged between information systems, this is a finding.
Fix Text (F-SRG-NET-000226-FW-000140_fix)
Configure the firewall to validate the integrity of security attributes exchanged between information systems.