STIGQter: STIG Summary: SDN Controller Security Requirements Guide Version: 1 Release: 2 Benchmark Date: 24 Apr 2020

The SDN Controller must be configured to notify the forwarding device to either drop the packet or make an entry in the flow table for a received packet that does not match any flow table entries.

DISA Rule

SV-95505r1_rule

Vulnerability Number

V-80795

Group Title

SRG-NET-000512

Rule Version

SRG-NET-000512-SDN-001055

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the SDN controller to enable reactive flow setup so that the controller will notify a forwarding device to either drop the packet or make an entry in the flow table for a received packet that does not match any flow table entries.

Check Contents

Review the SDN controller configuration to determine if it is configured to enable reactive flow setup.

If the SDN Controller is not configured to notify the forwarding device to either drop the packet or make an entry in the flow table for a received packet that does not match any flow table entries, this is a finding.

Documentable

False

Severity Override Guidance

Review the SDN controller configuration to determine if it is configured to enable reactive flow setup.

If the SDN Controller is not configured to notify the forwarding device to either drop the packet or make an entry in the flow table for a received packet that does not match any flow table entries, this is a finding.

Check Content Reference

M

Target Key

3333

Comments