Application Layer Gateway Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
- The ALG must produce audit records containing information to establish what type of events occurred.
  Without establishing what type of event occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack. Audit record content that may be nece... (Rule, Medium Severity)
- The ALG must produce audit records containing information to establish where the events occurred.
  Without establishing where events occurred, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. In order to compile an accurate risk assessment,... (Rule, Medium Severity)
- The ALG must send an alert to, at a minimum, the ISSO and SCA when an audit processing failure occurs.
  It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an ... (Rule, Medium Severity)
- The ALG must protect audit information from unauthorized read access.
  Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity th... (Rule, Medium Severity)
- The ALG must protect audit information from unauthorized modification.
  If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracity of audit... (Rule, Medium Severity)
- The ALG must protect audit tools from unauthorized deletion.
  Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on au... (Rule, Medium Severity)
- The ALG providing user access control intermediary services must be configured with a pre-established trust relationship and mechanisms with appropriate authorities (e.g., Active Directory or AAA server) which validate user account access authorizations and privileges.
  User account and privilege validation must be centralized in order to prevent unauthorized access using changed or revoked privileges. ALGs can implement functions such as traffic filtering, authe... (Rule, Medium Severity)
- The ALG providing user authentication intermediary services must implement replay-resistant authentication mechanisms for network access to nonprivileged accounts.
  A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be ... (Rule, Medium Severity)
- The ALG that provides intermediary services for TLS must validate certificates used for TLS functions by performing RFC 5280-compliant certification path validation.
  A certificate's certification path is the path from the end entity certificate to a trusted root certification authority (CA). Certification path validation is necessary for a relying party to make... (Rule, Medium Severity)
- The ALG providing content filtering must block outbound traffic containing known and unknown DoS attacks to protect against the use of internal information systems to launch any Denial of Service (DoS) attacks against other networks or endpoints.
  DoS attacks can take multiple forms but have the common objective of overloading or blocking a network or host to deny or seriously degrade performance. If the network does not provide safeguards a... (Rule, Medium Severity)
- The ALG must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
  A deny-all, permit-by-exception network communications traffic policy ensures that only those connections which are essential and approved are allowed. As a managed interface, the ALG must block a... (Rule, Medium Severity)
- The ALG must invalidate session identifiers upon user logout or other session termination.
  Captured sessions can be reused in "replay" attacks. This requirement limits the ability of adversaries to capture and continue to employ previously valid session IDs. Session IDs are tokens... (Rule, Medium Severity)
- The ALG must recognize only system-generated session identifiers.
  Network elements (depending on function) utilize sessions and session identifiers to control application behavior and user access. If an attacker can guess the session identifier, or can inject or ... (Rule, Medium Severity)
- The ALG must generate unique session identifiers using a FIPS 140-2 approved random number generator.
  Sequentially generated session IDs can be easily guessed by an attacker. Employing the concept of randomness in the generation of unique session identifiers helps to protect against brute-force att... (Rule, Medium Severity)
- The ALG must fail to a secure state upon failure of initialization, shutdown, or abort actions.
  Failure to a known safe state helps prevent systems from failing to a state that may cause loss of data or unauthorized access to system resources. Network elements that fail suddenly and with no i... (Rule, Medium Severity)
- The ALG providing content filtering must update malicious code protection mechanisms and signature definitions whenever new releases are available in accordance with organizational configuration management policy.
  Malicious code protection mechanisms include, but are not limited to, antivirus and malware detection software. To minimize any potential negative impact to the organization caused by malicious cod... (Rule, Medium Severity)
- The ALG providing content filtering must be configured to perform real-time scans of files from external sources at network entry/exit points as they are downloaded and prior to being opened or executed.
  Malicious code includes viruses, worms, Trojan horses, and spyware. The code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive. Malici... (Rule, Medium Severity)
- The ALG providing content filtering must delete or quarantine malicious code in response to malicious code detection.
  Taking an appropriate action based on local organizational incident handling procedures minimizes the impact of this code on the network. The ALG must be configured to block all detected malicious... (Rule, Medium Severity)
- The ALG providing content filtering must update malicious code protection mechanisms and signature definitions whenever new releases are available in accordance with organizational configuration management procedures.
  The malicious software detection functionality on network elements needs to be constantly updated in order to identify new threats as they are discovered. All malicious software detection function... (Rule, Medium Severity)
- The ALG that is part of a CDS must enforce information flow control based on organization-defined metadata.
  Enforcing allowed information flows based on metadata enables simpler and more effective flow control. Metadata is information used to describe the characteristics of data. Metadata can include str... (Rule, Medium Severity)
- The ALG that is part of a CDS must decompose information into organization-defined, policy-relevant subcomponents for submission to policy enforcement mechanisms before transferring information between different security domains.
  Policy enforcement mechanisms apply filtering, inspection, and/or sanitization rules to the policy-relevant subcomponents of information to facilitate flow enforcement prior to transferring such in... (Rule, Medium Severity)
- The ALG that is part of a CDS, when transferring information between different security domains, must examine the information for the presence of organization-defined unsanctioned information.
  Without the capability to examine information, there is no means to determine the presence of information not authorized for transfer. Information flow decisions based on unexamined data may allow ... (Rule, Medium Severity)
- The ALG that is part of a CDS must prohibit the transfer of unsanctioned information in accordance with the security policy when transferring information between different security domains.
  The ability to prohibit information transfer is fundamentally necessary to prevent unintended and unauthorized data flows. Failure to prohibit information transfer when necessary will risk the conf... (Rule, Medium Severity)
- The ALG providing content filtering must prevent the download of prohibited mobile code.
  Mobile code is defined as software modules obtained from remote systems, transferred across a network, and then downloaded and executed on a local system without explicit installation or execution ... (Rule, Medium Severity)
- The ALG providing intermediary services for remote access communications traffic must control remote access methods.
  Remote access devices, such as those providing remote access to network devices and information systems, which lack automated control capabilities, increase risk and make remote user access manage... (Rule, Medium Severity)
- To protect against data mining, the ALG providing content filtering must prevent SQL injection attacks launched against data storage objects, including, at a minimum, databases, database records, and database fields.
  Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure to prevent attacks launched against organizational information from unaut... (Rule, Medium Severity)
- To protect against data mining, the ALG providing content filtering must detect code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.
  Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure to detect attacks launched against organizational databases may result in... (Rule, Medium Severity)
- The ALG that is part of a CDS must use source and destination security attributes associated with organization-defined information, source, and/or destination objects to enforce organization-defined information flow control policies as a basis for flow control decisions.
  If information flow is not enforced based on approved authorizations, the system may become compromised. A mechanism to detect and prevent unauthorized communication flow must be configured and us... (Rule, Medium Severity)
- The ALG providing user access control intermediary services must provide the capability for authorized users to select a user session to capture or view.
  Without the capability to select a user session to capture or view, investigations into suspicious or harmful events would be hampered by the volume of information captured. The intent of this req... (Rule, Medium Severity)
- The ALG must off-load audit records onto a centralized log server.
  Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. Th... (Rule, Medium Severity)
- The ALG must provide an immediate real-time alert to, at a minimum, the SCA and ISSO, of all audit failure events where the detection and/or prevention function is unable to write events to either local storage or the centralized server.
  Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operation may be adversely affected. Alerts provide organizations with urgen... (Rule, Medium Severity)
- The ALG providing user authentication intermediary services must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.
  Without reauthentication, users may access resources or perform tasks for which they do not have authorization. In addition to the reauthentication requirements associated with session locks, orga... (Rule, Medium Severity)
- The ALG providing user authentication intermediary services must implement multifactor authentication for remote access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
  For remote access to privileged accounts, the purpose of requiring a device that is separate from the information system gaining access for one of the factors during multifactor authentication is t... (Rule, Medium Severity)
- The ALG providing content filtering must protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing pattern recognition pre-processors.
  If the network does not provide safeguards against DoS attacks, network resources will be unavailable to users. Installation of content filtering gateways and application layer firewalls at key bo... (Rule, Medium Severity)
- The ALG must fail securely in the event of an operational failure.
  If a boundary protection device fails in an unsecure manner (open), information external to the boundary protection device may enter, or the device may permit unauthorized information release. Sec... (Rule, Medium Severity)
- The ALG must behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.
  A common vulnerability of network elements is unpredictable behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs... (Rule, Medium Severity)
- The ALG providing content filtering must detect use of network services that have not been authorized or approved by the ISSM and ISSO, at a minimum.
  Unauthorized or unapproved network services lack organizational verification or validation and therefore may be unreliable or serve as malicious rogues for valid services. Examples of network serv... (Rule, Medium Severity)
- The ALG providing content filtering must generate a log record when unauthorized network services are detected.
  Unauthorized or unapproved network services lack organizational verification or validation and therefore may be unreliable or serve as malicious rogues for valid services. Examples of network serv... (Rule, Medium Severity)
- The ALG providing content filtering must continuously monitor inbound communications traffic crossing internal security boundaries for unusual or unauthorized activities or conditions.
  If inbound communications traffic is not continuously monitored, hostile activity may not be detected and prevented. Output from application and traffic monitoring serves as input to continuous mon... (Rule, Medium Severity)
- The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when root level intrusion events which provide unauthorized privileged access are detected.
  Without an alert, security personnel may be unaware of major detection incidents that require immediate action and this delay may result in the loss or compromise of information. The ALG generates... (Rule, Medium Severity)
- The ALG providing content filtering must generate an alert to, at a minimum, the ISSO and ISSM when user level intrusions which provide non-privileged access are detected.
  Without an alert, security personnel may be unaware of major detection incidents that require immediate action and this delay may result in the loss or compromise of information. The ALG generates... (Rule, Medium Severity)
- The ALG that implements spam protection mechanisms must be updated automatically.
  Originators of spam messages are constantly changing their techniques in order to defeat spam countermeasures; therefore, spam software must be constantly updated to address the changing threat. A... (Rule, Medium Severity)
- The ALG must check the validity of all data inputs except those specifically identified by the organization.
  Invalid user input occurs when a user inserts data or characters into an application's data entry fields and the application is unprepared to process that data. This results in unanticipated applic... (Rule, Medium Severity)
- The ALG must reveal error messages only to the ISSO, ISSM, and SCA.
  Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can give configuration details about the... (Rule, Medium Severity)
- The ALG that is part of a CDS must generate audit records when successful/unsuccessful attempts to access security levels occur.
  Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in... (Rule, Medium Severity)
- The ALG providing user access control intermediary services must generate audit records when successful/unsuccessful attempts to modify privileges occur.
  Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in... (Rule, Medium Severity)
- The ALG must generate audit records when successful/unsuccessful attempts to delete security levels occur.
  Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in... (Rule, Medium Severity)
- The ALG must generate audit records when successful/unsuccessful attempts to delete security objects occur.
  Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in... (Rule, Medium Severity)
- The ALG providing user access control intermediary services must generate audit records showing starting and ending time for user access to the system.
  Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in... (Rule, Medium Severity)
- The ALG providing encryption intermediary services must implement NIST FIPS-validated cryptography to generate cryptographic hashes.
  Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The network element must implement cryptographic modules adhering to the higher standa... (Rule, Medium Severity)