STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020

VPN gateways used to create IP tunnels to transport classified traffic across an unclassified IP network must comply with appropriate physical security protection standards for processing classified information.

DISA Rule

SV-15501r2_rule

Vulnerability Number

V-14745

Group Title

Demarcation point is not authorized for SIPRNet

Rule Version

NET1832

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Employ the necessary physical security protection for the VPN gateway devices used for tunneling classified traffic across the unclassified IP network.

Check Contents

Review the network topology diagram. If there is a connection between the classified network and the unclassified network for the purpose of tunneling classified traffic across the unclassified IP network, verify that the IPsec VPN gateway used to provision the tunnel is compliant with appropriate physical security protection standards for processing classified information.

If appropriate physical security protection has not been enforced, this is a finding.

Documentable

False

Severity Override Guidance

Review the network topology diagram. If there is a connection between the classified network and the unclassified network for the purpose of tunneling classified traffic across the unclassified IP network, verify that the IPsec VPN gateway used to provision the tunnel is compliant with appropriate physical security protection standards for processing classified information.

If appropriate physical security protection has not been enforced, this is a finding.

Check Content Reference

M

Target Key

838

Comments