STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020:

The connection between the Channel Service Unit/Data Service Unit (CSU/DSU) and the Local Exchange Carriers (LEC) data service jack (i.e., demarc) as well as any service provider premise equipment must be located in a secure environment.

DISA Rule

SV-8535r3_rule

Vulnerability Number

V-8049

Group Title

Circuit location is not secure.

Rule Version

NET0140

Severity

CAT III

CCI(s)

• CCI-001121 - The organization protects against unauthorized physical connections at organization-defined managed interfaces.

Weight

10

Fix Recommendation

Move all critical communications to controlled access areas. Controlled access areas in this case means controlled restriction to authorize site personnel, i.e., dedicated communications rooms or locked cabinets. This is an area afforded entry control at a security level commensurate with the operational requirement. This protection will be sufficient to protect the network from unauthorized personnel. The keys to the locked cabinets and dedicated communications rooms will be controlled and only provided to authorized network/network security individuals.

Check Contents

Review the network topology to determine external connections and inspect location where CSU/DSUs and data service jacks reside.

If these components are not in a secured environment, this is a finding.

Vulnerability Number

V-8049

Documentable

False

Rule Version

NET0140

Severity Override Guidance

Review the network topology to determine external connections and inspect location where CSU/DSUs and data service jacks reside.

If these components are not in a secured environment, this is a finding.

Check Content Reference

M

Target Key

838

Comments