Switch Administration terminals do not connect directly to the switch administration port or connect via a controlled, dedicated, out of band network used for switch administration support.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-7933 | DSN04.04 | SV-8419r1_rule | Medium |
| Description |
|---|
| Requirement: The IAO will ensure that switch/device administration terminals are connected directly to the administration port of the switch/device or are connected via an out-of-band network used only for administration support. > Switch administration terminals must connect to the switch by using either a direct connection to the administration port or through a dedicated, out of band network. Connections other than these, for example through a non-dedicated network connection, will introduce security risks. > The requirement to dedicate OAM&P / NM and CTI networks or LANS is to protect the particular solution from threats from sources external to the solution. Connecting these dedicated LANs to another LAN negates this protection. |
| STIG | Date |
|---|---|
| Defense Switched Network (DSN) STIG | 2017-01-19 |
Details
| Check Text ( C-7372r1_chk ) |
|---|
| Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices. Inspect configuration files as applicable. |
| Fix Text (F-7508r1_fix) |
|---|
| Ensure that the connections used are through either a dedicated out of band network or direct connection to the administration port. Any other connections to administration terminals should be disconnected and their use should be discontinued. |