← Back to Router Security Requirements Guide

V-279001

CAT II (Medium)

When transferring information between different security domains, the router must use organization-defined data type identifiers to validate data essential for information flow decisions.

Rule ID

SV-279001r1137951_rule

STIG

Router Security Requirements Guide

Version

V5R2

CCIs

CCI-002201 CCI-000366

Discussion

Information flow decisions based on invalid data may allow unintended and unauthorized data flows, and therefore, risk the confidentiality of information. They may also result in the unauthorized release (spill) of information. Data type identifiers include, for example, file names, file types, file signatures/tokens, and multiple internal file signatures/tokens. Information systems may allow transfer of data only if compliant with data type format specifications. This requirement applies to routers that transfer information between different security domains (e.g., cross-domain solutions). This requirement also applies to Zero Trust initiatives.

Check Content

When transferring information between different security domains, verify the router is configured to use organization-defined data type identifiers to validate data essential for information flow decisions.

If the router does not use organization-defined data type identifiers to validate data essential for information flow decisions, when transferring information between different security domains, this is a finding.

Fix Text

Configure the router to use organization-defined data type identifiers to validate data essential for information flow decisions, when transferring information between different security domains.