STIGQter: STIG Summary: SDN Using NV Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 27 Feb 2017:

Quality of service (QoS) must be implemented on the underlying IP network to provide preferred treatment for traffic between the SDN controllers and SDN-enabled switches and hypervisors.

DISA Rule

SV-87747r1_rule

Vulnerability Number

V-73095

Group Title

NET-SDN-012

Rule Version

NET-SDN-012

Severity

CAT III

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Determine the paths in which SDN control and management plane traffic will flow between the SDN controllers and SDN-enabled switches and routers.

Configure each router and multilayer switch to impose preferred treatment for this traffic so it has priority over normal production traffic during periods of congestion.

Check Contents

Note: This requirement will not be applicable if an out-of-band network is used to transport SDN control and management plane traffic.

Review the router and multilayer switch configurations to verify that SDN control and management plane packets are receiving the appropriate amount of priority to ensure this traffic has preference over normal production traffic.

If not all routers and multilayer switches impose preferred treatment for SDN control and management plane traffic during periods of congestion, this is a finding.

Quality of service (QoS) must be implemented on the underlying IP network to provide preferred treatment for traffic between the SDN controllers and SDN-enabled switches and hypervisors.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments