STIGQter: STIG Summary: SDN Controller Security Requirements Guide Version: 1 Release: 2 Benchmark Date: 24 Apr 2020:

The SDN controllers must be configured as a cluster in active/active or active/passive mode to preserve any information necessary to determine cause of a system failure and to maintain network operations with least disruption to workload processes and flows.

DISA Rule

SV-95485r1_rule

Vulnerability Number

V-80775

Group Title

SRG-NET-000236

Rule Version

SRG-NET-000236-SDN-000365

Severity

CAT II

CCI(s)

CCI-001665 - The information system preserves organization-defined system state information in the event of a system failure.

Weight

Fix Recommendation

Configure the SDN controller to peer with one or more controllers in an active/active or active/passive failover mode.

Check Contents

Review the SDN controller configuration to determine if it is configured to peer with one or more controllers in an active/active or active/passive failover mode.

If the SDN controller is not configured to be deployed as a cluster in active/active or active/passive mode, this is a finding.

The SDN controllers must be configured as a cluster in active/active or active/passive mode to preserve any information necessary to determine cause of a system failure and to maintain network operations with least disruption to workload processes and flows.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments