The ALG that is part of a CDS must block the transfer of data with malformed security attribute metadata structures.
An XCCDF Rule
Description
<VulnDiscussion>Enforcing allowed information flows based on metadata enables simpler and more effective flow control. Metadata is information used to describe the characteristics of data. Metadata can include structural metadata describing data structures (e.g., data format, syntax, and semantics) or descriptive metadata describing data contents (e.g., age, location, telephone number). For cross domain solutions, security attributes are defined as, at a minimum, source and destination address.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-68737r1_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
If the ALG is part of a CDS, configure the ALG to block the transfer of data with malformed security attribute metadata structures.