STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Application Layer Gateway Security Requirements Guide

V-204987

CAT II (Medium)

The ALG that is part of a CDS, when transferring information between different security domains, must use organization-defined data type identifiers to validate data essential for information flow decisions.

Rule ID

SV-204987r1117211_rule

STIG

Application Layer Gateway Security Requirements Guide

Version

V2R3

CCIs

CCI-000366, CCI-002201

Discussion

Information flow decisions based on invalid data may allow unintended and unauthorized data flows, and therefore risk the confidentiality of information. They may also result in the unauthorized release (spill) of information. Data type identifiers include, for example, file names, file types, file signatures/tokens, and multiple internal file signatures/tokens. Information systems may allow transfer of data only if compliant with data type format specifications.

Check Content

If the ALG is not part of a CDS, this is not applicable.

Verify the ALG is configured to use organization-defined data type identifiers to validate data essential for information flow decisions.

If the ALG is not configured to use organization-defined data type identifiers to validate data essential for information flow decisions, this is a finding.

Fix Text

If the ALG is part of a CDS, configure the ALG to use organization-defined data type identifiers to validate data essential for information flow decisions.