STIGQter: STIG Summary: Firewall Security Requirements Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The premise firewall (located behind the premise router) must block all outbound management traffic.

DISA Rule

SV-206707r604133_rule

Vulnerability Number

V-206707

Group Title

SRG-NET-000364

Rule Version

SRG-NET-000364-FW-000035

Severity

CAT II

CCI(s)

• CCI-002403 - The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Weight

10

Fix Recommendation

With the exception of management traffic destined to perimeter equipment, configure a firewall located behind the premise router to block all outbound management traffic.

Check Contents

Review the firewall configuration to verify that it is blocking all outbound management traffic.

If the firewall is not blocking management network from leaking to outside networks, this is a finding.

Vulnerability Number

V-206707

Documentable

False

Rule Version

SRG-NET-000364-FW-000035

Severity Override Guidance

Review the firewall configuration to verify that it is blocking all outbound management traffic.

If the firewall is not blocking management network from leaking to outside networks, this is a finding.

Check Content Reference

M

Target Key

2912

Comments