STIGQter: STIG Summary: SDN Using NV Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 27 Feb 2017

Physical devices hosting an SDN controller must be connected to two switches for high-availability.

DISA Rule

SV-87751r1_rule

Vulnerability Number

V-73099

Group Title

NET-SDN-014

Rule Version

NET-SDN-014

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Enable NIC teaming on the device hosting an SDN controller in either Link Aggregation Control Protocol (LACP) or switch-independent mode.

Connect each interface to a different access switch.

Check Contents

Review the network topology as well as the physical connection between the physical device hosting an SDN controller and the switches.

The device must have NIC teaming enabled and must be dual homed, with each upstream link connected to a different switch.

If the physical device hosting an SDN controller is not connected to two switches using NIC teaming, this is a finding.
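One way to script this check, as an added example that is not part of the STIG: it assumes the controller host runs Linux with the kernel bonding driver, whose status text is read from `/proc/net/bonding/<bond>`, and that the interface-to-switch map comes from LLDP neighbor data or cabling records. The function names and sample values are hypothetical and constructed.

```python
import re

# Constructed sample of /proc/net/bonding/bond0 text (assumption: Linux bonding driver).
SAMPLE_BOND = """\
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up

Slave Interface: eth0
MII Status: up

Slave Interface: eth1
MII Status: up
"""

# Constructed interface -> upstream switch map (assumed source: LLDP or cabling records).
SAMPLE_UPLINKS = {"eth0": "access-sw-a", "eth1": "access-sw-b"}


def parse_bond(text):
    """Return (mode, {member_interface: mii_status}) from bonding status text."""
    mode = re.search(r"^Bonding Mode:\s*(.+)$", text, re.M)
    members, current = {}, None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Slave Interface":
            current = value
            members[current] = "unknown"
        elif key == "MII Status" and current is not None:
            members[current] = value  # per-member link state, not the bond's own
    return (mode.group(1).strip() if mode else None), members


def net_sdn_014_findings(bond_text, uplinks):
    """Reasons the host fails the check (empty = no finding); link state is an added check."""
    mode, members = parse_bond(bond_text or "")
    if mode is None or not members:
        return ["NIC teaming is not enabled (no bond status found)"]
    reasons = []
    up = [i for i, s in members.items() if s == "up"]
    if len(up) < 2:
        reasons.append("fewer than two team members have link up: %s" % sorted(up))
    unknown = [i for i in members if i not in uplinks]
    if unknown:
        reasons.append("no upstream switch recorded for: %s" % sorted(unknown))
    switches = {uplinks[i] for i in up if i in uplinks}
    if len(switches) < 2:
        reasons.append("team members reach only %d distinct switch(es)" % len(switches))
    return reasons
```

An empty list means the host is teamed and dual homed; any returned reason corresponds to a finding under the check above.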

Documentable

False

Check Content Reference

M

Target Key

3089
