STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide, Version: 9, Release: 10, Benchmark Date: 24 Jan 2020

External network connections must not bypass the enclave’s perimeter security.

DISA Rule

SV-8538r4_rule

Vulnerability Number

V-8052

Group Title

Backdoor network connections bypass perimeter security.

Rule Version

NET0170

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Disconnect any external network connections not routed through the organization's perimeter security or validated and approved by the AO.

Check Contents

Review the network topology diagram and verify that ingress and egress traffic via external connections to the enclave does not bypass the enclave’s perimeter security.

If there are external connections to the enclave that bypass the enclave’s perimeter security, this is a finding.

Vulnerability Number

V-8052

Documentable

False

Rule Version

NET0170

Severity Override Guidance

Review the network topology diagram and verify that ingress and egress traffic via external connections to the enclave does not bypass the enclave’s perimeter security.

If there are external connections to the enclave that bypass the enclave’s perimeter security, this is a finding.

Check Content Reference

M

Target Key

838

Comments