Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Application Layer Gateway Security Requirements Guide
SRG-NET-000329
SRG-NET-000329
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-NET-000329
1 Rule
<GroupDescription></GroupDescription>
The ALG that is part of a CDS must enforce the use of human reviews for organization-defined information flows under organization-defined conditions.
Medium Severity
<VulnDiscussion>Without network element enforcement of human reviews, security policy filters may have false positives and false negatives in marginal situations, which may result in loss of confidentiality or availability. Organizations define security policy filters for all situations where automated flow control decisions are possible. When a fully automated flow control decision is not possible, then a human review may be employed in lieu of, or as a complement to, automated security policy filtering. Human reviews may also be employed as deemed necessary by organizations. The cross domain solution will display the data which requires human review to the authorized reviewer in its native form (i.e., consistent with how it would be displayed by the application that created the data). The system will require a response from the authorized reviewer prior to taking action on the transfer data and then take appropriate actions as indicated by the reviewer (e.g., reject, forward, reply, etc.), but do not allow the reviewer to circumvent any additional filtering mechanisms. Organization-defined information flows and conditions used as part of a CDS system depend on the environment, data, and security boundaries. Organizations implementing CDS must follow the DoD-required process of testing, baselining, and risk assessment to ensure the rigor and accuracy necessary to rely upon a CDS for cross domain security.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>