The network device must be configured to automatically disable the device if any of the organization defined list of security violations are detected.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000037-NDM-000024	SRG-NET-000037-NDM-000024	SRG-NET-000037-NDM-000024_rule		Medium

Description
Incident related information can be obtained from a variety of sources including network monitoring. To reduce or eliminate the risk to the network, the network device must be configured to disable the network or monitored devices when specific events are detected. Monitored devices may include workstations, hosts, or other devices registered with the network device Since the network device is a major part of the network's protection and defense system, a compromised system may allow malicious attacks to bypass the network's controls.

Description

Incident related information can be obtained from a variety of sources including network monitoring. To reduce or eliminate the risk to the network, the network device must be configured to disable the network or monitored devices when specific events are detected. Monitored devices may include workstations, hosts, or other devices registered with the network device Since the network device is a major part of the network's protection and defense system, a compromised system may allow malicious attacks to bypass the network's controls.

STIG	Date
Network Device Management Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000037-NDM-000024_chk )
Verify the network device is configured to disable itself based on the violation detected. If the network device is not configured to disable itself based on the violation detected, this is a finding.

Fix Text (F-SRG-NET-000037-NDM-000024_fix)
Configure the network device to disable itself based on the violation detected.