Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Mission Owner's internet-facing applications must be configured to traverse the Cloud Access Point (CAP) and Virtual Datacenter Security Stack (VDSS) prior to communicating with the internet.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-259864 | SRG-NET-000205-CLD-000090 | SV-259864r945580_rule | High |
| Description |
|---|
| The CAP and VDSS architectures mitigate potential damages to the Defense Information Systems Network (DISN) and provide the ability to detect and prevent an attack before it reaches the DISN. All traffic bound for the internet will traverse the BCAP/ICAP and IAP. Mission applications may be internet facing; internet-facing applications can be unrestricted or restricted (requiring CAC authentication). DOD users on the internet may first connect to their assigned DISN Virtual Private Network (VPN) before accessing Mission Owner enclave or private applications. |
| STIG | Date |
|---|---|
| Cloud Computing Mission Owner Network Security Requirements Guide | 2024-06-13 |
Details
| Check Text ( C-63595r945578_chk ) |
|---|
| If this is a Software as a Service (SaaS), this is not a finding. If Impact Level 2, but the cloud service provider (CSP) has control over the environment, this is not a finding. Verify that virtual internet-facing applications are configured to traverse the CAP and VDSS prior to communicating with the internet. If virtual internet-facing applications permit direct access to the CSP or the internet, this is a finding. |
| Fix Text (F-63502r945579_fix) |
|---|
| This applies to all Impact Levels. FedRAMP Moderate, High. Configure virtual internet-facing applications to traverse the CAP and VDSS prior to communicating with the internet. |