Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The firewall implementation must check the validity of data inputs.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000312-FW-000172 | SRG-NET-000312-FW-000172 | SRG-NET-000312-FW-000172_rule | Medium |
| Description |
|---|
| Invalid input occurs when a user, or system acting on behalf of a user, inserts data or characters into an application's data entry fields and the application is unprepared to process that data. Checking the valid syntax and semantics of information system inputs (e.g., character set, length, numerical range, and acceptable values) verifies that inputs match specified definitions for format and content. Prescreening inputs prior to passing to interpreters prevent the content from being unintentionally interpreted as commands. The integrity of the firewall ACL, rule sets, and security zone data is essential for controlling network access. Input validation helps ensure accurate and correct inputs and prevent attacks such as cross-site scripting and a variety of injection attacks. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2012-12-10 |
Details
| Check Text ( C-SRG-NET-000312-FW-000172_chk ) |
|---|
| Review the firewall to determine if data input validation occurs. This is usually part of the system design. Input several commands with invalid syntax and verify that the commands are rejected. If the firewall implementation does not perform validity checks for commands and data entered into the system, this is a finding. |
| Fix Text (F-SRG-NET-000312-FW-000172_fix) |
|---|
| Ensure the firewall is designed to check the validity of data inputs. |