Checked | Name | Title |
---|---|---|
☐ | SV-95465r1_rule | The SDN controller must be configured to enforce approved authorizations for access to system resources in accordance with applicable access control policies. |
☐ | SV-95467r1_rule | The SDN controller must be configured to enforce approved authorizations for controlling the flow of traffic within the network based on organization-defined information flow control policies. |
☐ | SV-95469r1_rule | The SDN controller must be configured to produce audit records containing information to establish what type of events occurred. |
☐ | SV-95471r1_rule | The SDN controller must be configured to produce audit records containing information to establish when the events occurred. |
☐ | SV-95473r1_rule | The SDN controller must be configured to produce audit records containing information to establish where the events occurred. |
☐ | SV-95475r1_rule | The SDN controller must be configured to produce audit records containing information to establish the source of the events. |
☐ | SV-95477r1_rule | The SDN controller must be configured to produce audit records containing information to establish the outcome of the events. |
☐ | SV-95479r1_rule | The SDN controller must be configured to generate audit records containing information that establishes the identity of any individual or process associated with the event. |
☐ | SV-95481r1_rule | The SDN controller must be configured to disable non-essential capabilities. |
☐ | SV-95483r1_rule | The SDN controller must be configured to enforce a policy to manage bandwidth and to limit the effects of a packet-flooding Denial of Service (DoS) attack. |
☐ | SV-95485r1_rule | The SDN controllers must be configured as a cluster in active/active or active/passive mode to preserve any information necessary to determine cause of a system failure and to maintain network operations with least disruption to workload processes and flows. |
☐ | SV-95487r1_rule | The SDN controller must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by rate-limiting control-plane communications. |
☐ | SV-95489r1_rule | The SDN controller must be configured to only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations. |
☐ | SV-95491r1_rule | The SDN controller must be configured to authenticate southbound Application Program Interface (API) control-plane messages received from SDN-enabled network elements using a FIPS-approved message authentication code algorithm. |
☐ | SV-95493r1_rule | The SDN controller must be configured to authenticate northbound Application Program Interface (API) messages received from business applications and management systems using a FIPS-approved message authentication code algorithm. |
☐ | SV-95495r1_rule | The SDN controller must be configured to encrypt all southbound Application Program Interface (API) control-plane messages using a FIPS-validated cryptographic module. |
☐ | SV-95497r1_rule | The SDN controller must be configured to encrypt all northbound Application Program Interface (API) messages using a FIPS-validated cryptographic module. |
☐ | SV-95499r1_rule | The SDN controller must be configured to authenticate received southbound Application Program Interface (API) management-plane messages using a FIPS-approved message authentication code algorithm. |
☐ | SV-95501r1_rule | The SDN controller must be configured to encrypt all southbound Application Program Interface (API) management-plane messages using a FIPS-validated cryptographic module. |
☐ | SV-95503r1_rule | The SDN controller must be configured to be deployed as a cluster and on separate physical hosts. |
☐ | SV-95505r1_rule | The SDN Controller must be configured to notify the forwarding device to either drop the packet or make an entry in the flow table for a received packet that does not match any flow table entries. |
☐ | SV-95507r1_rule | SDN controller must be configured to forward traffic based on security requirements. |
☐ | SV-95509r1_rule | The SDN controller must be configured to enable multi-tenant virtual networks to be fully isolated from one another. |
☐ | SV-95511r1_rule | The SDN controller must be configured to separate tenant functionality from system management functionality. |
☐ | SV-95513r1_rule | The SDN controller must be configured to isolate security functions from non-security functions. |
☐ | SV-95515r1_rule | The SDN controller must be configured to generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. |
☐ | SV-95517r1_rule | The SDN controller must be configured to notify the ISSO and ISSM of failed verification tests for organization-defined security functions. |
☐ | SV-95519r1_rule | The SDN controller must be configured to prohibit user installation of software without explicit privileged status. |
☐ | SV-95521r1_rule | The SDN controller must be configured to enforce access restrictions associated with changes to the configuration. |
☐ | SV-95523r1_rule | The SDN controller must be configured to audit the enforcement actions used to restrict access associated with changes to any application within the SDN framework. |
☐ | SV-109205r1_rule | The SDN controller must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. |