Palo Alto Networks ALG Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Palo Alto Networks security platform must log violations of security policies.
<VulnDiscussion>Without establishing the source of the event, it is impossible to establish, correlate, and investigate the events leading up...Rule Low Severity -
SRG-NET-000131-ALG-000085
<GroupDescription></GroupDescription>Group -
The Palo Alto Networks security platform that provides intermediary services for TLS must validate certificates used for TLS functions by performing RFC 5280-compliant certification path validation.
<VulnDiscussion>A certificate's certification path is the path from the end entity certificate to a trusted root certification authority (CA)...Rule Medium Severity -
The Palo Alto Networks security platform must only enable User-ID on trusted zones.
<VulnDiscussion>User-ID can use Windows Management Instrumentation (WMI) probing as a method of mapping users to IP addresses. If this is use...Rule Medium Severity -
SRG-NET-000131-ALG-000085
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules