STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020:

All external connections must be validated and approved by the Authorizing Official (AO) and the Connection Approval Office (CAO) and meeting Connection Approval Process (CAP) requirements.

DISA Rule

SV-8533r3_rule

Vulnerability Number

V-8047

Group Title

Network connections exist without approval

Rule Version

NET0130

Severity

CAT II

CCI(s)

• CCI-001121 - The organization protects against unauthorized physical connections at organization-defined managed interfaces.

Weight

10

Fix Recommendation

All external connections will be validated and approved prior to connection. Interview the ISSM to verify that all connections have a mission requirement and that the AO is aware of the requirement.

Check Contents

Review the network topology and interview the ISSO to verify that each external connection to the site’s network has been validated and approved by the AO and CAO and that CAP requirements have been met.

If there are any external connections that have not been validated and approved, this is a finding.

Vulnerability Number

V-8047

Documentable

False

Rule Version

NET0130

Severity Override Guidance

Review the network topology and interview the ISSO to verify that each external connection to the site’s network has been validated and approved by the AO and CAO and that CAP requirements have been met.

If there are any external connections that have not been validated and approved, this is a finding.

Check Content Reference

M

Target Key

838

Comments