Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-28784 | NET0405 | SV-36774r5_rule | Medium |
Description |
---|
Call home services or features will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. The risk that transmission of sensitive data sent to unauthorized persons could result in data loss or downtime due to an attack. |
STIG | Date |
---|---|
Layer 2 Switch Security Technical Implementation Guide | 2018-11-27 |
Check Text ( C-35853r4_chk ) |
---|
Review the device configuration to determine if the call home service or feature is disabled on the device. If the call home service is enabled on the device, this is a finding. Note: This feature can be enabled if the communication is only to a server residing in the local area network or enclave. |
Fix Text (F-31103r2_fix) |
---|
Configure the network device to disable the call home service or feature. Note: This feature can be enabled if the communication is only to a server residing in the local area network or enclave. |