UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must enforce approved authorizations for controlling the flow of information within the network in accordance with applicable policy.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000018-NDM-000018 SRG-NET-000018-NDM-000018 SRG-NET-000018-NDM-000018_rule Low
Description
Information flow control regulates where information is allowed to travel. Flow control mechanisms, such as the network device, use security attributes to control and restrict information flow. Security attributes (a type of metadata) are information about one or more pieces of data. This information is bound to the data and may include information about the data's purpose, creator, origin, or classification. This control applies to the flow of information within an individual network device. Internal component communication, such as between the network device, router, and IPS, is not included in this control. The network device must restrict information flow within the component to authorized communications. A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design. If information flow is not enforced based on approved authorizations, unauthorized commands, functionality, or traffic may be allowed to infiltrate security components, causing corruption or other undesirable conditions. Examples of flow control restrictions include preventing installed applications or functions from accessing security configurations; or preventing unauthorized commands from executing on the network device.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000018-NDM-000018_chk )
Verify the network device enforces approved authorizations for controlling the flow of information within the network in accordance with applicable policy. If the network device does not enforce approved authorizations for controlling the flow of information within the network in accordance with applicable policy, this is a finding.
Fix Text (F-SRG-NET-000018-NDM-000018_fix)
Configure the network device to enforce approved authorizations for controlling the flow of information within the network in accordance with applicable policy.