UCF STIG Viewer Logo

EBPW-1 Public WAN Connection


Connections between DoD enclaves and the Internet or other public or commercial wide area networks require a demilitarized zone (DMZ).

MAC / CONF Impact Subject Area
High Enclave Boundary Defense


When DoD systems are connected to public networks without the proper DMZ configuration unscrupulous individuals or groups can access sensitive information within an enclave and launch denial of service attacks.  The use of a DMZ adds a reasonable layer of protection against external untrusted networks and DoD systems.

1. Components shall identify the need for utilitzing a DMZ.
2. A Firewall device and routing schema shall be employed , i.e.: use of a dual-honed with screened subnet firewall architecture.
3. Refer to DoD or other applicable guidance for proper connection requirements and procedures.


  • CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
  • DISA Network Infrastructure STIG, Version 6 Draft, 29 October 2004
  • DISA Enclave Security STIG, Version 2, Release 1, 01 July 2004
  • DISA Web Server STIG, Version 5 Draft, 26 July 2004