When transferring information between different security domains, the router must apply the same security policy filtering to metadata as it applies to data payloads.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279004 | SRG-NET-000328-RTR-000001 | SV-279004r1137960_rule | CCI-002211 | medium |
| Description | ||||
| Subjecting metadata to the same filtering and inspection policies as payload data avoids the potential for data compromise through covert channels and the bypass of security policy filtering. This requirement applies to routers that transfer information between different security domains (e.g., cross-domain solutions). This requirement also applies to Zero Trust initiatives. | ||||
| STIG | Date | |||
| Router Security Requirements Guide | 2025-09-10 | |||
Details
Check Text (C-279004r1137960_chk)
The router must apply the same security policy filtering to metadata as it applies to data payloads. Verify the router is configured to meet the requirements.
If the router does not meet the requirement, this is a finding.
Fix Text (F-83457r1137959_fix)
Configure the router to meet the requirement.