Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IAO will ensure the Server Farm VLANs are protected by severely restricting the actions the hosts can perform on the servers by firewall content filtering.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18525 | NET-SRVFRM-005 | SV-20064r1_rule | Medium |
| Description |
|---|
| Most current applications are deployed as a multi-tier architecture. The multi-tier model uses separate server machines to provide the different functions of presentation, business logic, and database. Multi-tier server farms provide added security because a compromised web server does not provide direct access to the application itself or to the database. The multi-tier separation is accomplished in several architectures, by a layer 2 switch, by a layer3 switch/router or by a firewall located at the server farm. Using the firewall implementation is the most secure method and is the only approved DoD architecture. Firewalls get packets from VLAN-supporting switches complete with 802.1Q tags in their headers. What the VLAN-aware firewall can do is extract the tags and use the information within the tags to make policy-based security decisions. |
| STIG | Date |
|---|---|
| Firewall Security Technical Implementation Guide - Cisco | 2017-12-07 |
Details
| Check Text ( C-21300r1_chk ) |
|---|
| Identify the VLAN IP subnet and determine if the subnet passes content inspect by a firewall capable on content inspection. |
| Fix Text (F-19128r1_fix) |
|---|
| Configure the firewall to inspect traffic content to and from the server farm. |