STIGQter: STIG Summary: Test and Development Zone A Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 26 Oct 2018:

Installation of operating systems on systems and devices in the test and development environment must be logically separated to prohibit access to any operational network.

DISA Rule

SV-51538r1_rule

Vulnerability Number

V-39671

Group Title

ENTD0320 - Installation of operating systems and devices not logically separated.

Rule Version

ENTD0320

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Create a policy to ensure the test or development system is physically disconnected or blocked at the firewall from any external network during the installation of an operating system.

Check Contents

Determine whether the organization has a connection approval policy on the installation of operating systems within the test and development environment. The policy must include either physically disconnecting or blocking the system at the firewall in order to achieve complete isolation from any network traffic. If no connection approval policy has been developed, this is a finding.

Vulnerability Number

V-39671

Documentable

False

Rule Version

ENTD0320

Severity Override Guidance

Determine whether the organization has a connection approval policy on the installation of operating systems within the test and development environment. The policy must include either physically disconnecting or blocking the system at the firewall in order to achieve complete isolation from any network traffic. If no connection approval policy has been developed, this is a finding.

Check Content Reference

M

Target Key

1131

Comments