STIGQter: STIG Summary: SDN Using NV Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 27 Feb 2017

Southbound API management plane traffic for provisioning and configuring virtual network elements within the SDN infrastructure must traverse an out-of-band path or be encrypted using a FIPS-validated cryptographic module.

DISA Rule

SV-87737r1_rule

Vulnerability Number

V-73085

Group Title

NET-SDN-007

Rule Version

NET-SDN-007

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Deploy an out-of-band network to provision paths between management systems, orchestration systems, and all hypervisor hosts that compose the SDN infrastructure to provide transport for southbound API management plane traffic.

An alternative is to encrypt all southbound API management plane traffic using a FIPS-validated cryptographic module. Implement a cryptographic module that has a validation certification and is listed on the NIST Cryptographic Module Validation Program's (CMVP) validation list.

Check Contents

Determine if the southbound API management plane traffic traverses an out-of-band path.

If not, verify that the southbound API management plane traffic is encrypted using a FIPS-validated cryptographic module.

If the southbound API management plane traffic does not traverse an out-of-band path or is not encrypted using a FIPS-validated cryptographic module, this is a finding.

Documentable

False

Severity Override Guidance

Determine if the southbound API management plane traffic traverses an out-of-band path.

If not, verify that the southbound API management plane traffic is encrypted using a FIPS-validated cryptographic module.

If the southbound API management plane traffic does not traverse an out-of-band path or is not encrypted using a FIPS-validated cryptographic module, this is a finding.

Check Content Reference

M

Target Key

3089
