Skip to content
Catalogs
XCCDF
Application Layer Gateway Security Requirements Guide
SRG-NET-000021
The ALG that is part of a CDS must allow privileged administrators to enable/disable all security policy filters used to enforce information flow control.
The ALG that is part of a CDS must allow privileged administrators to enable/disable all security policy filters used to enforce information flow control. An XCCDF Rule
The ALG that is part of a CDS must allow privileged administrators to enable/disable all security policy filters used to enforce information flow control.
Medium Severity
<VulnDiscussion>A crucial part of any information flow control solution is the ability to enable and disable policy filters in order to respond to changes in organizational security posture and mission conditions.
This is not a requirement to restrict the capability to privileged administrators, but rather to ensure there is some means of enabling/disabling policy filters (e.g., command line or user console).
Policy filters enforce organizational security policy as it pertains to controlling data flow. Security policy filters can address data structures and content. These filters may include dirty word filters, file type checking filters, structured data filters, unstructured data filters, metadata content filters, and hidden content filters.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>