STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Application Layer Gateway Security Requirements Guide

V-205012

CAT II (Medium)

The ALG providing content filtering must be configured to integrate with a system-wide intrusion detection system.

Rule ID

SV-205012r831388_rule

STIG

Application Layer Gateway Security Requirements Guide

Version

V2R3

CCIs

CCI-002656

Discussion

Without coordinated reporting between separate devices, it is not possible to identify the true scale and possible target of an attack. Integration of the ALG with a system-wide intrusion detection system supports continuous monitoring and incident response programs. This requirement applies to monitoring at internal boundaries using TLS gateways, web content filters, email gateways, and other types of ALGs. ALGs can work as part of the network monitoring capabilities to off-load inspection functions from the external boundary IDPS by performing more granular content inspection of protocols at the upper layers of the OSI reference model.

Check Content

If the ALG does not perform content filtering as part of the traffic management functions, this is not applicable.

Verify the ALG integrates with a system-wide intrusion detection system.

If the ALG does not integrate with a system-wide intrusion detection system, this is a finding.

Fix Text

If the ALG performs content filtering as part of the traffic management functionality, configure the ALG to integrate with a system-wide intrusion detection system.