The ALG that is part of a CDS must allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.
Overview
Finding ID
Version
Rule ID
IA Controls
Severity
V-204915
SRG-NET-000022-ALG-000069
SV-204915r987725_rule
Medium
Description
The use of security policy filters provides protection for the confidentiality of data by restricting the flow of data. The capability to configure policy filters allows the ALG to enforce more granular security policies to meet complex and changing mission needs.
Policy filters enforce organizational security policy as it pertains to controlling data flow. Security policy filters can address data structures and content. These filters may include dirty word filters, file type checking filters, structured data filters, unstructured data filters, metadata content filters, and hidden content filters.
The cross domain solution must be configured to restrict management access according to the privilege level the user has been granted. Authorization to configure security policies requires the highest privilege level. This control requires the device have the capability for privileged administrators to configure security filters and to reconfigure these policies as needed to support changes in security policy.
If the ALG is not part of a CDS, this is not applicable.
Verify the ALG allows privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.
If the ALG does not allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control, this is a finding.
Fix Text (F-5183r395879_fix)
If the ALG is part of a CDS, configure the ALG to allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.