Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-7932 | DSN04.03 | SV-8418r1_rule | ECSC-1 | Medium |
Description |
---|
Requirement: The IAO will ensure that OAM&P / NM and CTI system workstations are not used for other day-to-day functions (i.e., e-mail, web browsing, etc). Dedicating DSN administration terminals to their intended purpose and not using them for day-to-day functions such as email and web browsing, will reduce the risk of unauthorized access by those that could achieve entry by exploiting an existing IP based vulnerability. Not only should DSN administration terminals connect to DSN switching systems via a controlled network segment, the terminal should also be dedicated for administration purposes only. |
STIG | Date |
---|---|
Defense Switched Network (DSN) STIG | 2015-08-11 |
Check Text ( C-7690r1_chk ) |
---|
Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable. |
Fix Text (F-7507r1_fix) |
---|
Ensure dedicated terminals and workstations are used to administer DSN switching systems to that purpose only. Do not administer DSN switching systems from computer terminals that are used for day-to-day functions (i.e. email, web browsing, etc). |