The operating system must disable the use of organization defined networking protocols within the operating system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33259	SRG-OS-000248-NA	SV-43678r1_rule		Medium

Description
Some networking protocols may not meet security requirements to protect data and components. The organization can either make a determination as to the relative security of the networking protocol or base the security decision on the assessment of other entities. Based on that assessment some may be deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. Rationale for non-applicability: This vulnerability is better addressed by CCI-001118, which requires host-based firewall with same functionality as described here.

Description

Some networking protocols may not meet security requirements to protect data and components. The organization can either make a determination as to the relative security of the networking protocol or base the security decision on the assessment of other entities. Based on that assessment some may be deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. Rationale for non-applicability: This vulnerability is better addressed by CCI-001118, which requires host-based firewall with same functionality as described here.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-04-12

Details

Check Text ( C-41556r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37189r1_fix)
The requirement is NA. No fix is required.