STIGQter: STIG Summary: Firewall Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 26 Jul 2019: The premise firewall (located behind the premise router) must block all outbound management traffic.

DISA Rule

SV-94183r1_rule

Vulnerability Number

V-79477

Group Title

SRG-NET-000364-FW-000035

Rule Version

SRG-NET-000364-FW-000035

Severity

CAT II

CCI(s)

CCI-002403 - The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Weight

Fix Recommendation

With the exception of management traffic destined to perimeter equipment, configure a firewall located behind the premise router to block all outbound management traffic.

Check Contents

Review the firewall configuration to verify that it is blocking all outbound management traffic.

If the firewall is not blocking management network from leaking to outside networks, this is a finding.

STIGQter: STIG Summary: Firewall Security Requirements Guide Version: 1 Release: 4 Benchmark Date: 26 Jul 2019: The premise firewall (located behind the premise router) must block all outbound management traffic.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments