Palo Alto Networks ALG Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-NET-000246-ALG-000132

    Group
  • The Palo Alto Networks security platform must update malicious code protection mechanisms and signature definitions whenever new releases are available in accordance with organizational configuration management policy and procedures.

    In order to minimize any potential negative impact to the organization caused by malicious code, malicious code must be identified and eradicated. Malicious code includes viruses, worms, Trojan hor...
    Rule Medium Severity
  • SRG-NET-000249-ALG-000134

    Group
  • SRG-NET-000249-ALG-000145

    Group
  • The Palo Alto Networks security platform must delete or quarantine malicious code in response to malicious code detection.

    Taking an appropriate action based on local organizational incident handling procedures minimizes the impact of this code on the network. This requirement is limited to ALGs web content filters and...
    Rule Medium Severity
  • SRG-NET-000249-ALG-000146

    Group
  • SRG-NET-000251-ALG-000131

    Group
  • SRG-NET-000288-ALG-000109

    Group
  • SRG-NET-000289-ALG-000110

    Group
  • The Palo Alto Networks security platform must prevent the download of prohibited mobile code.

    Mobile code is defined as software modules obtained from remote systems, transferred across a network, and then downloaded and executed on a local system without explicit installation or execution...
    Rule Medium Severity
  • SRG-NET-000313-ALG-000010

    Group
  • SRG-NET-000314-ALG-000013

    Group
  • SRG-NET-000318-ALG-000014

    Group
  • To protect against data mining, the Palo Alto Networks security platform must detect and prevent SQL and other code injection attacks launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.

    Data mining is the analysis of large quantities of data to discover patterns and is used in intelligence gathering. Failure to prevent attacks launched against organizational information from unaut...
    Rule Medium Severity
  • SRG-NET-000318-ALG-000151

    Group
  • SRG-NET-000334-ALG-000050

    Group
  • The Palo Alto Networks security platform must off-load audit records onto a different system or media than the system being audited.

    Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. Th...
    Rule Medium Severity
  • SRG-NET-000355-ALG-000117

    Group
  • SRG-NET-000362-ALG-000112

    Group
  • SRG-NET-000362-ALG-000126

    Group
