STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Application Layer Gateway Security Requirements Guide

V-204991

CAT II (Medium)

The ALG that is part of a CDS, when transferring information between different security domains, must apply the same security policy filtering to metadata as it applies to data payloads.

Rule ID

SV-204991r1137557_rule

STIG

Application Layer Gateway Security Requirements Guide

Version

V2R3

CCIs

CCI-000366, CCI-002211

Discussion

Subjecting metadata to the same filtering and inspection policies as payload data helps to mitigate the risk of data compromise through covert channels. This security measure also helps prevent the bypassing of security policy filtering. This requirement also applies to Zero Trust initiatives.

Check Content

If the ALG is not part of a CDS, this is not applicable.

Verify the ALG is configured to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains.

If the ALG is not configured to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains, this is a finding.

Fix Text

If the ALG is part of a CDS, configure the ALG to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains.