A deny-by-default security posture must be implemented for traffic entering and leaving the enclave.
DISA Rule
SV-12294r5_rule
Vulnerability Number
V-11796
Group Title
Deny by default policy is not implemented
Rule Version
NET0369
Severity
CAT I
CCI(s)
- CCI-002080 - The organization employs either an allow-all, deny-by-exception or a deny-all, permit-by-exception policy for allowing organization-defined information systems to connect to external information systems.
- CCI-002082 - The organization selects either an allow-all, deny-by-exception or a deny-all, permit-by-exception policy for allowing organization-defined information systems to connect to external information systems.
- CCI-002398 - The information system detects outgoing communications traffic posing a threat to external information systems.
- CCI-002399 - The information system denies outgoing communications traffic posing a threat to external information systems.
Weight
10
Fix Recommendation
Implement a deny-by-default security posture on either the enclave perimeter router or firewall.
Check Contents
Determine if a deny-by-default security posture has been implemented for both inbound and outbound traffic on the perimeter router or firewall.
If a deny-by-default security posture has not been implemented at the network perimeter, this is a finding.
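A practical way to perform this check on a Cisco IOS-style perimeter router is to read the running configuration, find the ACLs bound in each direction on the outside interface, and confirm that each one closes with a deny-all and contains no blanket permit. The following script is an added example for this page, not DISA tooling; the interface name, ACL names, addresses and both sample configurations are constructed. The first configuration is the finding case (the outbound ACL ends in `permit ip any any`, so only inbound traffic is deny-by-default); the second is the corrected posture with an explicit logged deny in both directions.

```python
"""Audit a Cisco IOS-style perimeter config for a deny-by-default posture in
both directions (the NET0369 check), using constructed sample configurations.

Added example for this page; interface names, ACL names and addresses are
made up and are not taken from any real device.
"""
import re

# Constructed sample (finding case): the outbound ACL ends in a blanket permit,
# so the enclave is deny-by-default for inbound traffic only.
WEAK_CONFIG = """\
interface GigabitEthernet0/0
 description enclave-perimeter
 ip access-group OUTSIDE_IN in
 ip access-group OUTSIDE_OUT out
!
ip access-list extended OUTSIDE_IN
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
ip access-list extended OUTSIDE_OUT
 permit tcp 192.0.2.0 0.0.0.255 any eq 443
 permit ip any any
"""

# Constructed sample (corrected): both ACLs permit only what is required and
# close with an explicit, logged deny-all.
HARDENED_CONFIG = """\
interface GigabitEthernet0/0
 description enclave-perimeter
 ip access-group OUTSIDE_IN in
 ip access-group OUTSIDE_OUT out
!
ip access-list extended OUTSIDE_IN
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
ip access-list extended OUTSIDE_OUT
 permit tcp 192.0.2.0 0.0.0.255 any eq 443
 permit udp host 192.0.2.53 any eq 53
 deny ip any any log
"""


def parse_config(text):
    """Return (interfaces, acls).

    interfaces: interface name -> {"in"/"out": ACL name}
    acls: ACL name -> ordered list of permit/deny entries (ACEs)
    """
    interfaces, acls = {}, {}
    current = None  # ("intf", name) or ("acl", name) while inside a block
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.startswith("!"):
            current = None  # '!' or a blank line ends the current block
            continue
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = ("intf", m.group(1))
            interfaces.setdefault(m.group(1), {})
            continue
        m = re.match(r"^ip access-list (?:extended|standard) (\S+)", line)
        if m:
            current = ("acl", m.group(1))
            acls.setdefault(m.group(1), [])
            continue
        if current is None or not line.startswith(" "):
            continue  # top-level command we do not care about
        body = line.strip()
        if current[0] == "intf":
            m = re.match(r"^ip access-group (\S+) (in|out)$", body)
            if m:
                interfaces[current[1]][m.group(2)] = m.group(1)
        elif current[0] == "acl" and body.split()[0] in ("permit", "deny"):
            acls[current[1]].append(body)
    return interfaces, acls


def is_blanket_permit(ace):
    """True for an ACE that permits all traffic, e.g. 'permit ip any any'."""
    return re.match(r"^permit ip any any(\s|$)", ace) is not None


def audit_interface(text, intf_name):
    """Return the list of findings for one perimeter interface; [] means the
    interface is deny-by-default in both directions."""
    interfaces, acls = parse_config(text)
    findings = []
    bound = interfaces.get(intf_name, {})
    for direction in ("in", "out"):
        acl_name = bound.get(direction)
        if acl_name is None:
            findings.append(f"{intf_name} {direction}: no ACL applied")
            continue
        aces = acls.get(acl_name, [])
        if not aces:
            findings.append(f"{intf_name} {direction}: ACL {acl_name} is undefined or empty")
            continue
        if any(is_blanket_permit(a) for a in aces):
            findings.append(f"{intf_name} {direction}: ACL {acl_name} contains a blanket permit")
        if not aces[-1].startswith("deny ip any any"):
            findings.append(f"{intf_name} {direction}: ACL {acl_name} does not end in an explicit deny-all")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_interface(cfg, "GigabitEthernet0/0")
        print(f"{label}: {'FINDING' if result else 'compliant'}")
        for f in result:
            print("  -", f)
```

The script flags an interface with no ACL bound in a direction, an ACL that contains an unrestricted permit, and an ACL whose last entry is not a deny-all. IOS applies an implicit deny at the end of every ACL, so the last check is stricter than the rule text strictly requires; it is included because an explicit `deny ip any any log` both documents the intent and produces the log evidence an assessor will ask for.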
Documentable
False
Severity Override Guidance
Determine if a deny-by-default security posture has been implemented for both inbound and outbound traffic on the perimeter router or firewall.
If a deny-by-default security posture has not been implemented at the network perimeter, this is a finding.
Check Content Reference
M
Target Key
838
Comments