
The firewall implementation must implement NAT to ensure endpoint internal IPv4 addresses are not visible to external untrusted networks.


Overview

Finding ID: SRG-NET-999999-FW-000177
Version: SRG-NET-999999-FW-000177
Rule ID: SRG-NET-999999-FW-000177_rule
IA Controls:
Severity: Low
Description
Network Address Translation (NAT) works well with the RFC 1918 addressing scheme. It also has the privacy benefit of hiding real internal addresses. An attacker can learn more about a site's private network once the real IP addresses of the hosts within it have been discovered.
STIG: Firewall Security Requirements Guide
Date: 2012-12-10

Details

Check Text (C-SRG-NET-999999-FW-000177_chk)
If NAT is implemented on the premise router, this is not a finding.
Review the firewall or premise router configuration to determine if NAT has been implemented.

If NAT is not implemented on the firewall, this is a finding.
Fix Text (F-SRG-NET-999999-FW-000177_fix)
Implement NAT on the firewall or premise router for NIPRNet enclaves.
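
One way to automate the configuration review in the check text, shown as an added example that is not part of the SRG. It assumes the firewall is a Linux host whose rules are exported with `iptables-save`; the sample rulesets, the addresses in them and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed samples of `iptables-save` output (not taken from a real device).
SAMPLE_WITH_NAT = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.20.0.0/16 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.5.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
"""
SAMPLE_NO_NAT = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.20.0.0/16 -o eth0 -j ACCEPT
COMMIT
"""

def source_nat_rules(ruleset):
    """Return (source_network, target) for each SNAT/MASQUERADE rule in the nat table."""
    rules, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]          # "*nat", "*filter", ... starts a new table
        elif table == "nat" and line.startswith("-A POSTROUTING"):
            tok = shlex.split(line)
            if "!" in tok:
                continue              # negated matches need manual review
            target = tok[tok.index("-j") + 1] if "-j" in tok else None
            if target in ("SNAT", "MASQUERADE"):
                src = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
                rules.append((ipaddress.ip_network(src, strict=False), target))
    return rules

def check_nat(ruleset, internal_nets):
    """Map each internal network to True if a source-NAT rule covers it entirely."""
    rules = source_nat_rules(ruleset)
    return {str(net): any(net.subnet_of(src) for src, _ in rules)
            for net in map(ipaddress.ip_network, internal_nets)}

def is_finding(ruleset, internal_nets):
    """A finding exists when any internal network leaves the firewall untranslated."""
    return not all(check_nat(ruleset, internal_nets).values())
```

Pass the list of RFC 1918 networks actually in use inside the enclave as `internal_nets`; a network that no source-NAT rule covers is reported as a finding.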