
The firewall implementation must enforce information flow control on metadata.


Overview

Finding ID: SRG-NET-000280-FW-000164
Version: SRG-NET-000280-FW-000164
Rule ID: SRG-NET-000280-FW-000164_rule
IA Controls: (none listed)
Severity: Medium
Description
Metadata is information about one or more pieces of data. This may include information about the data's purpose, creator, origin, or classification. Information flow control regulates where information is allowed to travel within a network and between hosts as opposed to who is allowed to access the information. Information flow enforcement mechanisms compare security attributes on all information such as source and destination objects, and respond appropriately (e.g., block, quarantine, alert administrator) when the mechanisms encounter information flows not explicitly allowed by the information flow policy.
STIG: Firewall Security Requirements Guide
Date: 2012-12-10

Details

Check Text (C-SRG-NET-000280-FW-000164_chk)
Review the firewall configuration. Verify that flow control based on metadata is enforced through deep packet inspection of the various packet types: the firewall must examine packet payloads in order to restrict and control service commands, URLs, and data content by application, and to prevent data leakage.

If flow control based on metadata is not enforced, this is a finding.
Fix Text (F-SRG-NET-000280-FW-000164_fix)
Configure the firewall implementation to enforce information flow control on metadata such as service commands, URLs, and data content by application, and to prevent data leakage (i.e., by enforcing a clean word list on outbound content).
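The following is an added illustration, not text or code from the Security Requirements Guide, of the enforcement model the Description and Fix Text describe: each inspected flow is reduced to its security attributes (zones, application, service command, URL, payload), compared against an explicit-allow policy, and answered with block, quarantine or allow, with an administrator alert on anything not allowed. The zones, rule names, URL pattern and the "dirty word" list are constructed for the example; a real firewall's DPI engine supplies the attributes and the organisation supplies its own policy and word list.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Flow:
    """Security attributes (metadata) extracted from one inspected packet or session."""
    src_zone: str
    dst_zone: str
    application: str   # protocol identified by deep packet inspection, e.g. "http", "ftp"
    command: str       # service command, e.g. HTTP method or FTP verb
    url: str = ""
    payload: str = ""


@dataclass(frozen=True)
class Rule:
    """One explicit allow; any flow matching no rule is denied (default deny)."""
    name: str
    src_zone: str
    dst_zone: str
    application: str
    commands: FrozenSet[str]
    url_allow: Optional[str] = None  # regex the URL must match, for applications that carry URLs


@dataclass(frozen=True)
class Decision:
    action: str   # "allow", "block" or "quarantine"
    alert: bool   # whether the administrator is alerted
    reason: str


# Constructed policy: inside hosts may browse the web except /admin/ paths,
# and may only log in to and download from the DMZ FTP server.
POLICY: List[Rule] = [
    Rule("web-out", "inside", "outside", "http", frozenset({"GET", "POST"}),
         url_allow=r"^https?://[^/]+/(?!admin(/|$))"),
    Rule("ftp-dmz-readonly", "inside", "dmz", "ftp",
         frozenset({"USER", "PASS", "LIST", "RETR"})),
]

# Constructed "dirty word" list: payload markers that must never leave the network.
DIRTY_WORDS = ("CONFIDENTIAL", "SECRET//NOFORN")


def matching_rule(flow: Flow) -> Optional[Rule]:
    """Return the first rule whose zone, application, command and URL constraints all match."""
    for rule in POLICY:
        if (flow.src_zone, flow.dst_zone, flow.application) != \
                (rule.src_zone, rule.dst_zone, rule.application):
            continue
        if flow.command not in rule.commands:
            continue
        if rule.url_allow is not None and not re.match(rule.url_allow, flow.url):
            continue
        return rule
    return None


def leaked_marker(flow: Flow) -> Optional[str]:
    """Return the first dirty word present in the payload (case-insensitive), or None."""
    upper = flow.payload.upper()
    for word in DIRTY_WORDS:
        if word in upper:
            return word
    return None


def enforce(flow: Flow) -> Decision:
    """Explicit-allow check on the flow's metadata, then a content check on allowed flows."""
    rule = matching_rule(flow)
    if rule is None:
        return Decision("block", True, "no policy rule explicitly allows this flow")
    marker = leaked_marker(flow)
    if marker is not None:
        # Hold the data for review rather than silently dropping it.
        return Decision("quarantine", True,
                        f"payload contains protected marker {marker!r} (rule {rule.name})")
    return Decision("allow", False, f"permitted by rule {rule.name}")


if __name__ == "__main__":
    # Constructed sample flows exercising each outcome.
    samples = [
        Flow("inside", "outside", "http", "GET", url="http://example.com/index.html"),
        Flow("inside", "outside", "http", "GET", url="http://example.com/admin/"),
        Flow("inside", "outside", "http", "DELETE", url="http://example.com/index.html"),
        Flow("inside", "dmz", "ftp", "STOR"),
        Flow("inside", "outside", "http", "POST", url="http://example.com/upload",
             payload="Quarterly results - CONFIDENTIAL - do not distribute"),
    ]
    for f in samples:
        d = enforce(f)
        print(f"{f.application:4} {f.command:6} {f.url or '-':36} -> "
              f"{d.action:10} alert={d.alert} ({d.reason})")
```

Two design points matter for the check in this rule: the policy is expressed entirely in terms of metadata (zone, application, command, URL) so that a reviewer can read it directly against the requirement, and the default is deny, so a flow the policy does not explicitly name is blocked and alerted rather than passed.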