Palo Alto Networks ALG Security Technical Implementation Guide
SRG-NET-000370-ALG-000125
An XCCDF Group - A logical subset of the XCCDF Benchmark
1 Rule
The Palo Alto Networks security platform must identify and log internal users associated with prohibited outgoing communications traffic.
Medium Severity
Without identifying the users who initiated the traffic, it would be difficult to identify those responsible for the prohibited communications. This requirement applies to those network elements that perform Data Leakage Prevention (DLP) (e.g., ALGs, proxies, or application-level firewalls).

The Palo Alto Networks Security Platform uses User-ID to map a user's identity to an IP address. This allows Administrators to configure and enforce firewall policies based on users and user groups in addition to network zones and addresses. If the user changes devices or the device is assigned a different IP address, User-ID tracks those changes and maintains the user-to-IP-address mapping information. This supports non-repudiation.

Before a security policy can be written for groups of users, the relationships between the users and the groups they are members of must be established. This information can be retrieved from an LDAP directory, such as Active Directory or eDirectory.

Documentable: false