Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4636 | WIR0210 | SV-4636r1_rule | ECSC-1 ECWN-1 | High |
Description |
---|
Approved network architectures have been assessed for IA risk. Non-approved architectures provide less assurance than approved architectures because they have not undergone the same level of evaluation. |
STIG | Date |
---|---|
Harris SecNet 11 / 54 Security Technical Implementation Guide (STIG) | 2016-01-04 |
Check Text ( C-16036r1_chk ) |
---|
Detailed Policy Requirements: The SWLAN architecture conforms to one of the approved configurations: LAN Extension: This architecture provides wireless access to the wired infrastructure using a Harris SecNet 11/ 54 or L3 KOV-26 Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.2 in the DISA FSO Wireless Overview for an example of the LAN Extension architecture. Wireless Bridging: This architecture provides point-to-point bridging using Harris SecNet 11/ 54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 2.3 in the DISA FSO Wireless Overview for an example of the Wireless Bridging architecture. Wireless Peer-to-Peer: This architecture provides point-to-point communications between wireless clients using Harris SecNet 11/ 54 or Talon. In this architecture, the boundary is controlled either with fencing or inspection. See Figure 3.2 in the DISA FSO Wireless Overview for an example of the Wireless Peer-to-Peer architecture. Check Procedures: Interview the SA or IAO to obtain SWLAN network diagrams. Review the SWLAN architecture and ensure it conforms to one of the approved use cases. |
Fix Text (F-34117r1_fix) |
---|
Disable or remove the non-compliant SWLAN or reconfigure it to conform to one of the approved architectures. |