Network Management routers located at switch sites are not configured to provide IP and packet level filtering/protection.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7931	DSN04.02	SV-8417r1_rule	ECSC-1	Medium

Description
Requirement: The IAO will ensure that routers that provide remote connectivity to out-of-band management networks located at switch sites provide IP and packet level filtering/protection. All routers connected to a DSN Switch are to be configured to control network access to the DSN switch by IP and port/service. Implementing standard and extended access lists to control network access to the switch will add another security access layer minimizing risk to the DSN.

Description

Requirement: The IAO will ensure that routers that provide remote connectivity to out-of-band management networks located at switch sites provide IP and packet level filtering/protection. All routers connected to a DSN Switch are to be configured to control network access to the DSN switch by IP and port/service. Implementing standard and extended access lists to control network access to the switch will add another security access layer minimizing risk to the DSN.

STIG	Date
Defense Switched Network (DSN) STIG	2017-01-19

Details

Check Text ( C-7302r1_chk )
Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable

Fix Text (F-8033r1_fix)
> Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.