Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Symantec ProxySG ALG Security Technical Implementation Guide
SRG-NET-000235-ALG-000118
Symantec ProxySG must fail to a secure state upon failure of initialization, shutdown, or abort actions.
Symantec ProxySG must fail to a secure state upon failure of initialization, shutdown, or abort actions.
An XCCDF Rule
Details
Profiles
Prose
Symantec ProxySG must fail to a secure state upon failure of initialization, shutdown, or abort actions.
Medium Severity
<VulnDiscussion>Failure to a known safe state helps prevent systems from failing to a state that may cause loss of data or unauthorized access to system resources. Network elements that fail suddenly and with no incorporated failure state planning may leave the hosting system available but with a reduced security protection capability. Preserving system state information also facilitates system restart and return to the operational mode of the organization with less disruption to mission-essential processes. An example is a firewall that blocks all traffic rather than allowing all traffic when a firewall component fails (e.g., fail closed and do not forward traffic). This prevents an attacker from forcing a failure of the system to obtain access. Depending on the deployment architecture, there are many configurations to check external to the ProxySG to ensure that failures of initialization, shutdown, or abort actions result in a secure state. With these external configurations in place, the ProxySG meets this requirement inherently. However, if a ProxySG hardware appliance is configured in a transparent, physically in-path manner, the check and fix apply.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>