Application Layer Gateway Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-NET-000324
Group
The ALG that is part of a CDS, when transferring information between different security domains, must use organization-defined data type identifiers to validate data essential for information flow decisions.
Information flow decisions based on invalid data may allow unintended and unauthorized data flows, and therefore risk the confidentiality of information. They may also result in the unauthorized re...
Rule Medium Severity
SRG-NET-000325
Group
The ALG that is part of a CDS must uniquely identify and authenticate source by organization, system, application, and/or individual for information transfer.
Attribution is a critical component of a security concept of operations. The ability to identify source and destination points for information flowing in information systems allows the forensic re...
Rule Medium Severity
SRG-NET-000326
Group
The ALG that is part of a CDS must uniquely identify and authenticate destination by organization, system, application, and/or individual for information transfer.
Attribution is a critical component of a security concept of operations. The ability to identify source and destination points for information flowing in information systems allows the forensic re...
Rule Medium Severity
SRG-NET-000328
Group
The ALG that is part of a CDS, when transferring information between different security domains, must apply the same security policy filtering to metadata as it applies to data payloads.
Subjecting metadata to the same filtering and inspection policies as payload data helps to mitigate the risk of data compromise through covert channels. This security measure also helps prevent the...
Rule Medium Severity
SRG-NET-000329
Group
The ALG that is part of a CDS must enforce the use of human reviews for organization-defined information flows under organization-defined conditions.
Without network element enforcement of human reviews, security policy filters may have false positives and false negatives in marginal situations, which may result in loss of confidentiality or ava...
Rule Medium Severity
SRG-NET-000331
Group
SRG-NET-000334
Group
SRG-NET-000335
Group
SRG-NET-000337
Group
SRG-NET-000339
Group
The ALG providing user authentication intermediary services must implement multifactor authentication for remote access to nonprivileged accounts such that one of the factors is provided by a device separate from the system gaining access.
For remote access to nonprivileged accounts, the purpose of requiring a device that is separate from the information system gaining access for one of the factors during multifactor authentication i...
Rule Medium Severity
SRG-NET-000340
Group
SRG-NET-000344
Group
The ALG must prohibit the use of cached authenticators after an organization-defined time period.
If the cached authenticator information is out of date, the validity of the authentication information may be questionable. This requirement applies to all ALGs which may cache user authenticators...
Rule Medium Severity
SRG-NET-000345
Group