The layer 2 switch must be configured to fail securely in the event of an operational failure.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-206650	SRG-NET-000235-L2S-000031	SV-206650r383119_rule		Medium

Description
If the switch fails in an unsecure manner (open), unauthorized traffic originating externally to the enclave may enter or the device may permit unauthorized information release. Fail secure is a condition achieved by employing information system mechanisms to ensure, in the event of an operational failure of the switch, that it does not enter into an unsecure state where intended security properties no longer hold. If the device fails, it must not fail in a manner that will allow unauthorized access. If the switch fails for any reason, it must stop forwarding traffic altogether or maintain the configured security policies. If the device stops forwarding traffic, maintaining network availability would be achieved through device redundancy. An example is a firewall that blocks all traffic rather than allowing all traffic when a firewall component fails (e.g., fail closed and do not forward traffic). This prevents an attacker from forcing a failure of the system in order to obtain access. Abort refers to stopping a program or function before it has finished naturally. The term abort refers to both requested and unexpected terminations.

Description

If the switch fails in an unsecure manner (open), unauthorized traffic originating externally to the enclave may enter or the device may permit unauthorized information release. Fail secure is a condition achieved by employing information system mechanisms to ensure, in the event of an operational failure of the switch, that it does not enter into an unsecure state where intended security properties no longer hold. If the device fails, it must not fail in a manner that will allow unauthorized access. If the switch fails for any reason, it must stop forwarding traffic altogether or maintain the configured security policies. If the device stops forwarding traffic, maintaining network availability would be achieved through device redundancy. An example is a firewall that blocks all traffic rather than allowing all traffic when a firewall component fails (e.g., fail closed and do not forward traffic). This prevents an attacker from forcing a failure of the system in order to obtain access. Abort refers to stopping a program or function before it has finished naturally. The term abort refers to both requested and unexpected terminations.

STIG	Date
Layer 2 Switch Security Requirements Guide	2021-05-17

Details

Check Text ( C-6908r298380_chk )
Review the vendor documentation to determine if the layer 2 switch will fail to a secure state in the event that the system initialization fails, shutdown fails, or abort fails. If the layer 2 switch does not fail to a secure state in the event that the system initialization fails, shutdown fails, or abort fails, this is a finding.

Fix Text (F-6908r298381_fix)
Configure the layer 2 switch to fail to a secure state upon failure of initialization, shutdown, or abort actions.