Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000226-FW-000140 | SRG-NET-000226-FW-000140 | SRG-NET-000226-FW-000140_rule | | Medium |
Description |
---|
This control ensures the integrity of security attributes. The firewall implementation must include content inspection and filtering of both the data payload and the metadata (security attributes) associated with the data. This inspection is often performed first by a packet-level firewall and then by a separate application firewall (also called a proxy or gateway). It is crucial that these attributes be subjected to the same rigorous content filtering as the data payload, so that access control and flow control policies are properly implemented. |
STIG | Date |
---|---|
Firewall Security Requirements Guide | 2012-12-10 |
Check Text (C-SRG-NET-000226-FW-000140_chk) |
---|
Verify the firewall implementation is configured to provide content inspection and filtering of security attributes associated with information on all outbound and inbound interfaces. If the firewall implementation does not validate the integrity of security attributes exchanged between information systems, this is a finding. |
Fix Text (F-SRG-NET-000226-FW-000140_fix) |
---|
Configure the firewall to validate the integrity of security attributes exchanged between information systems. |