UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer and the IAO will ensure physical operating system separation and physical application separation is employed between servers of different data types in the web tier of Increment 1/Phase 1 deployment of the DoD DMZ for Internet-facing applications.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19688 APP6290 SV-21829r1_rule DCPA-1 High
Description
Restricted and unrestricted data residing on the same server may allow unauthorized access which would result in a loss of integrity and possibly the availability of the data. This requirement to this STIG was added at the request of the DoD DMZ PM. The goal is to ensure this requirement is addressed as the application is being developed. This requirement and severity was previously approved by the DSAWG in the Internet-NIPRNet DoD DMZ Increment 1, Phase 1 STIG. *This requirement does not apply to SIPRNet DMZs.
STIG Date
Application Security and Development STIG 2014-04-03

Details

Check Text ( C-24085r1_chk )
Ask the application representative for a network diagram. Review the network diagram for web servers/web services or any server in the web tier of the DoD DMZ. Verify restricted and unrestricted servers are installed on separate VLANS.

1) If restricted and unrestricted servers in the Web Tier of the DoD DMZ are not installed on separate VLANS, it is a finding.

*Note: This check does not apply to SIPRNet DMZs.
Fix Text (F-23071r1_fix)
Move restricted and unrestricted data to different servers.