Application Layer Gateway Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
Rule (Medium Severity): The ALG providing content filtering must protect against known types of Denial of Service (DoS) attacks by employing signatures.
If the network does not provide safeguards against DoS attacks, network resources will be unavailable to users. Installation of content filtering gateways and application layer firewalls at key b...

Group: SRG-NET-000362
Group: SRG-NET-000364
Rule (Medium Severity): The ALG must only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.
Unrestricted traffic may contain malicious traffic which poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth ...

Group: SRG-NET-000365
Group: SRG-NET-000370
Rule (Medium Severity): The ALG must identify and log internal users associated with denied outgoing communications traffic posing a threat to external information systems.
Without identifying the users who initiated the traffic, it would be difficult to identify those responsible for the denied communications. This requirement applies to those network elements that ...

Group: SRG-NET-000380
Group: SRG-NET-000383
Rule (Medium Severity): The ALG providing content filtering must be configured to integrate with a system-wide intrusion detection system.
Without coordinated reporting between separate devices, it is not possible to identify the true scale and possible target of an attack. Integration of the ALG with a system-wide intrusion detectio...

Group: SRG-NET-000384
Group: SRG-NET-000385
Group: SRG-NET-000385
Rule (Medium Severity): The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when unauthorized network services are detected.
Unauthorized or unapproved network services lack organizational verification or validation and therefore, may be unreliable or serve as malicious rogues for valid services. Automated mechanisms ca...

Group: SRG-NET-000390
Group: SRG-NET-000391
Rule (Medium Severity): The ALG providing content filtering must continuously monitor outbound communications traffic crossing internal security boundaries for unusual/unauthorized activities or conditions.
If outbound communications traffic is not continuously monitored, hostile activity may not be detected and prevented. Output from application and traffic monitoring serves as input to continuous mo...

Group: SRG-NET-000392
Rule (Medium Severity): The ALG providing content filtering must send an alert to, at a minimum, the ISSO and ISSM when detection events occur.
Without an alert, security personnel may be unaware of major detection incidents that require immediate action and this delay may result in the loss or compromise of information. Since these incid...

Group: SRG-NET-000392
Rule (Medium Severity): The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when threats identified by authoritative sources (e.g., IAVMs or CTOs) are detected.
Without an alert, security personnel may be unaware of major detection incidents that require immediate action and this delay may result in the loss or compromise of information. The ALG generates...

Group: SRG-NET-000392
Group: SRG-NET-000392
Group: SRG-NET-000392
Rule (Medium Severity): The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when denial of service incidents are detected.
Without an alert, security personnel may be unaware of major detection incidents that require immediate action and this delay may result in the loss or compromise of information. The ALG generates...

Group: SRG-NET-000392
Rule (Medium Severity): The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when new active propagation of malware infecting DoD systems or malicious code adversely affecting the operations and/or security of DoD systems is detected.
Without an alert, security personnel may be unaware of major detection incidents that require immediate action and this delay may result in the loss or compromise of information. The ALG generates...

Group: SRG-NET-000393
Group: SRG-NET-000400
Rule (Medium Severity): The ALG providing user authentication intermediary services must transmit only encrypted representations of passwords.
Passwords need to be protected at all times and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily co...

Group: SRG-NET-000401
Group: SRG-NET-000402
Group: SRG-NET-000492
Rule (Medium Severity): The ALG must generate audit records when successful/unsuccessful attempts to access security objects occur.
Without generating audit records that log usage of objects by subjects and other objects, it would be difficult to establish, correlate, and investigate the events relating to an incident, or ident...

Group: SRG-NET-000493
Group: SRG-NET-000494
Rule (Medium Severity): The ALG must generate audit records when successful/unsuccessful attempts to access categories of information (e.g., classification levels) occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...

Group: SRG-NET-000495
Group: SRG-NET-000496
Rule (Medium Severity): The ALG must generate audit records when successful/unsuccessful attempts to modify security objects occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...

Group: SRG-NET-000497
Rule (Medium Severity): The ALG must generate audit records when successful/unsuccessful attempts to modify security levels occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...

Group: SRG-NET-000498
Rule (Medium Severity): The ALG must generate audit records when successful/unsuccessful attempts to modify categories of information (e.g., classification levels) occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...

Group: SRG-NET-000499
Rule (Medium Severity): The ALG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to delete privileges occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...

Group: SRG-NET-000500
Group: SRG-NET-000501
Group: SRG-NET-000502
Rule (Medium Severity): The ALG must generate audit records when successful/unsuccessful attempts to delete categories of information (e.g., classification levels) occur.
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...