Skip to content
Catalogs
XCCDF
Application Layer Gateway Security Requirements Guide
SRG-NET-000283
The ALG that is part of a CDS, when transferring information between different security domains, must implement organization-defined security policy filters requiring fully enumerated formats that restrict data structure and content.
The ALG that is part of a CDS, when transferring information between different security domains, must implement organization-defined security policy filters requiring fully enumerated formats that restrict data structure and content. An XCCDF Rule
The ALG that is part of a CDS, when transferring information between different security domains, must implement organization-defined security policy filters requiring fully enumerated formats that restrict data structure and content.
Medium Severity
<VulnDiscussion>Data structure and content restrictions reduce the range of potential malicious and/or unsanctioned content in cross-domain transactions.
Security policy filters that restrict data structures include, for example, restricting file sizes and field lengths. Data content policy filters include:
1) Encoding formats for character sets (e.g., Universal Character Set Transformation Formats)
2) American Standard Code for Information Interchange (ASCII)
3) Restricting character data fields to only contain alpha-numeric characters
4) Prohibiting special characters
5) Validating schema structures
Organization-defined security policy filters which require format restrictions depend on the environment, data, and security boundaries. Organizations implementing CDS must follow the DoD-required process of testing, baselining, and risk assessment to ensure the rigor and accuracy necessary to rely upon a CDS for cross domain security.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>