The network element must isolate organizationally defined key information security tools, mechanisms, and support components from other internal information system components via physically separate subnets.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000197-FW-NA	SRG-NET-000197-FW-NA	SRG-NET-000197-FW-NA_rule		Medium

Description
To secure the enclave, the site must implement defense-in-depth security. This requires the deployment of various network security elements at strategic locations. The enclave must also be segregated into separate subnets with unique security policies. Subnetting provides a number of essential network services (e.g., public content, remote access, and perimeter protection). If isolation techniques, such as subnetting, are not used, unauthorized access to privileged information could result. Physical separation of subnets is not the function of the firewall.

Description

To secure the enclave, the site must implement defense-in-depth security. This requires the deployment of various network security elements at strategic locations. The enclave must also be segregated into separate subnets with unique security policies. Subnetting provides a number of essential network services (e.g., public content, remote access, and perimeter protection). If isolation techniques, such as subnetting, are not used, unauthorized access to privileged information could result. Physical separation of subnets is not the function of the firewall.

STIG	Date
Firewall Security Requirements Guide	2012-12-10

Details

Check Text ( C-SRG-NET-000197-FW-NA_chk )
This requirement is NA for firewall. No fix required.

Fix Text (F-SRG-NET-000197-FW-NA_fix)
This requirement is NA for firewall. No fix required.