
An OAM&P / NM and CTI network/LAN is connected to the local general use (base) LAN without appropriate boundary protection.


Overview

Finding ID: V-8544
Version: DSN04.08
Rule ID: SV-9041r1_rule
IA Controls: DCID-1, DCPA-1, EBCR-1, ECSC-1
Severity: Medium
Description
Requirement: The IAO will ensure that OAM&P / NM and CTI networks are not connected to the local general use (base) LAN. The requirement to dedicate OAM&P / NM and CTI networks or LANs is to protect the particular solution from threats from sources external to the solution. Connecting these dedicated LANs to another LAN negates this protection unless a proper boundary is created. Such a boundary should be a firewall but minimally must be a router ACL. Access to the dedicated LAN and the devices on it must be filtered by source and destination IP addresses as well as the specific ports and protocols that are required or permitted to cross the boundary.
STIG: Defense Switched Network STIG
Date: 2015-01-02

Details

Check Text (C-7373r1_chk)
Have the IAO or SA demonstrate compliance with the requirement, minimally on a sampling of the related or affected devices. Inspect configuration files as applicable.
Fix Text (F-7968r1_fix)
Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.
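
One way to support the configuration inspection called for in the check text, shown as an added example that is not part of the STIG: a script that reads a boundary router ACL and flags permit entries that do not restrict source address, destination address, protocol and port, as the description requires. It assumes Cisco IOS-style extended ACL syntax; the ACL name, the addresses and the helper names (take_addr, take_port, audit_acl) are constructed for illustration.

```python
import ipaddress
# Constructed sample (RFC 5737 addresses): base LAN 192.0.2.0/24, OAM&P LAN 198.51.100.0/24.
SAMPLE_ACL = """\
ip access-list extended BASE-TO-OAMP
 permit tcp host 192.0.2.10 host 198.51.100.5 eq 22
 permit udp 192.0.2.0 0.0.0.255 host 198.51.100.6 eq 161
 permit ip any 198.51.100.0 0.0.0.255
 permit tcp host 192.0.2.11 any eq 443
 permit tcp host 192.0.2.12 host 198.51.100.7
 deny ip any any log
"""
PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}  # operand counts

def take_addr(tokens):
    """Consume one address spec; return (is_restricted, remaining tokens)."""
    if tokens[0] == "any":
        return False, tokens[1:]
    if tokens[0] == "host":
        ipaddress.ip_address(tokens[1])  # raises ValueError if malformed
        return True, tokens[2:]
    ipaddress.ip_address(tokens[0])  # network address
    ipaddress.ip_address(tokens[1])  # wildcard mask
    return tokens[1] != "255.255.255.255", tokens[2:]

def take_port(tokens):  # optional port qualifier -> (present, remaining tokens)
    if tokens and tokens[0] in PORT_OPS:
        return True, tokens[1 + PORT_OPS[tokens[0]]:]
    return False, tokens

def audit_acl(text):
    """Return (entry, reasons) for each permit broader than the requirement allows."""
    findings = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "permit":
            continue
        proto, rest = tokens[1], tokens[2:]
        src_ok, rest = take_addr(rest)
        _, rest = take_port(rest)  # source port qualifier, if any
        dst_ok, rest = take_addr(rest)
        port_ok, rest = take_port(rest)
        checks = [(not src_ok, "source not restricted"),
                  (not dst_ok, "destination not restricted"),
                  (proto == "ip", "protocol not restricted"),
                  (proto in ("tcp", "udp") and not port_ok, "port not restricted")]
        reasons = [msg for failed, msg in checks if failed]
        if reasons:
            findings.append((line.strip(), reasons))
    return findings
```

Calling audit_acl(SAMPLE_ACL) returns the three over-broad permit entries with the reason each one falls short; an empty list means every permit entry names a source, a destination, a protocol and a port.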