STIGQter: STIG Summary: Test and Development Zone B Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 26 Oct 2018:

Access control lists between development and testing network segments within a test and development environment must be in a deny-by-default posture.

DISA Rule

SV-51529r1_rule

Vulnerability Number

V-39662

Group Title

ENTD0230 - Access control lists not in deny-by-default posture.

Rule Version

ENTD0230

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement a deny-by-default security posture for both ingress and egress traffic between network segments in the test and development environment.

Check Contents

Determine whether a deny-by-default security posture has been implemented for both ingress and egress traffic for the test and development environment. If the organization is not using a deny-by-default security posture for ingress and ingress traffic for the test and development environment, this is a finding.

Vulnerability Number

V-39662

Documentable

False

Rule Version

ENTD0230

Severity Override Guidance

Determine whether a deny-by-default security posture has been implemented for both ingress and egress traffic for the test and development environment. If the organization is not using a deny-by-default security posture for ingress and ingress traffic for the test and development environment, this is a finding.

Check Content Reference

M

Target Key

1132

Comments