The ALG that is part of a CDS must allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-204915	SRG-NET-000022	SRG-NET-000022-ALG-000069	SV-204915r987725_rule	2024-12-04	2

Description
The use of security policy filters provides protection for the confidentiality of data by restricting the flow of data. The capability to configure policy filters allows the ALG to enforce more granular security policies to meet complex and changing mission needs. Policy filters enforce organizational security policy as it pertains to controlling data flow. Security policy filters can address data structures and content. These filters may include dirty word filters, file type checking filters, structured data filters, unstructured data filters, metadata content filters, and hidden content filters. The cross domain solution must be configured to restrict management access according to the privilege level the user has been granted. Authorization to configure security policies requires the highest privilege level. This control requires the device have the capability for privileged administrators to configure security filters and to reconfigure these policies as needed to support changes in security policy.

Description

The use of security policy filters provides protection for the confidentiality of data by restricting the flow of data. The capability to configure policy filters allows the ALG to enforce more granular security policies to meet complex and changing mission needs. Policy filters enforce organizational security policy as it pertains to controlling data flow. Security policy filters can address data structures and content. These filters may include dirty word filters, file type checking filters, structured data filters, unstructured data filters, metadata content filters, and hidden content filters. The cross domain solution must be configured to restrict management access according to the privilege level the user has been granted. Authorization to configure security policies requires the highest privilege level. This control requires the device have the capability for privileged administrators to configure security filters and to reconfigure these policies as needed to support changes in security policy.

ℹ️ Check
If the ALG is not part of a CDS, this is not applicable. Verify the ALG allows privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control. If the ALG does not allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control, this is a finding.

✔️ Fix
If the ALG is part of a CDS, configure the ALG to allow privileged administrators to configure and make changes to all security policy filters that are used to enforce information flow control.