UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The firewall implementation must protect server VLAN(s) using a deny-by-default security posture.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000018-FW-000206 SRG-NET-000018-FW-000206 SRG-NET-000018-FW-000206_rule Medium
Description
Without proper access control of traffic entering or leaving the server VLAN, potential threats, such as a denial of service, data corruption, or theft could occur, resulting in the inability to complete mission requirements by authorized users. Protecting data sitting in a server VLAN is necessary and can be accomplished using access control lists on VLANs provisioned for servers.
STIG Date
Firewall Security Requirements Guide 2014-07-07

Details

Check Text ( C-SRG-NET-000018-FW-000206_chk )
Review the device configuration to validate an ACL or rule set with a deny-by-default security posture has been implemented to protect the server VLAN.
Fix Text (F-SRG-NET-000018-FW-000206_fix)
Configure an ACL or rule set to protect the server VLAN interface. The ACL or rule set must be in a deny-by-default security posture.