STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Application Layer Gateway Security Requirements Guide

V-205008

CAT II (Medium)

The ALG must only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Rule ID

SV-205008r831385_rule

STIG

Application Layer Gateway Security Requirements Guide

Version

V2R3

CCIs

CCI-002403

Discussion

Unrestricted traffic may contain malicious traffic which poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth and other resources. Access control policies and access control lists implemented on devices that control the flow of network traffic (e.g., application level firewalls and Web content filters), ensure the flow of traffic is only allowed from authorized sources to authorized destinations. Networks with different levels of trust (e.g., the Internet or CDS) must be kept separate.

Check Content

Verify the ALG only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

If the ALG allows incoming communications from unauthorized sources routed to unauthorized destinations, this is a finding.

Fix Text

Configure the ALG to only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.