The ALG that is part of a CDS, when transferring information between different security domains, must apply the same security policy filtering to metadata as it applies to data payloads.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-204991 | SRG-NET-000328-ALG-000078 | SV-204991r987756_rule | CCI-000366 | medium |
| Description | ||||
| Subjecting metadata to the same filtering and inspection policies as payload data helps to mitigate the risk of data compromise through covert channels. This security measure also helps prevent the bypassing of security policy filtering. | ||||
| STIG | Date | |||
| Application Layer Gateway Security Requirements Guide | 2024-12-04 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
CM-6
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-204991r987756_chk)
If the ALG is not part of a CDS, this is not applicable.
Verify the ALG is configured to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains.
If the ALG is not configured to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains, this is a finding.
Fix Text (F-5259r396347_fix)
If the ALG is part of a CDS, configure the ALG to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains.