UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must isolate security functions from non-security functions.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000184-NDM-000143 SRG-NET-000184-NDM-000143 SRG-NET-000184-NDM-000143_rule Low
Description
The network device must be designed and configured to isolate security functions from non-security functions. An isolation boundary is implemented via partitions and domains. This boundary must provide separation between processes having different security levels. These processes are used by the hardware, software, and firmware of the network device to perform various functions. The network device application must maintain a separate execution domain (e.g., address space) for each executing process to minimize the risk of leakage or corruption of privileged information. This control is normally a function of the network device application design and is usually not a configurable setting; however, there may be settings in some network device applications that must be configured to optimize function isolation. For most network devices, this function is a product of system design.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000184-NDM-000143_chk )
Verify the network device isolates security functions from non-security functions. If the network device does not isolate security functions from non-security functions, this is a finding.
Fix Text (F-SRG-NET-000184-NDM-000143_fix)
Configure the network device to isolate security functions from non-security functions.