The network device must implement an isolation boundary to minimize the number of non-security functions included within the boundary containing security functions.


Overview

Finding ID: SRG-NET-000187-NDM-000145
Version: SRG-NET-000187-NDM-000145
Rule ID: SRG-NET-000187-NDM-000145_rule
IA Controls:
Severity: Medium
Description
The network device must be designed and configured to minimize the number of non-security functions included within the boundary containing security functions. An isolation boundary, implemented via partitions and domains, must be used to minimize the mixture of these functions, thus minimizing the risk of leakage or corruption of privileged information. This control is normally a function of the network device application design and is usually not a configurable setting; however, in some applications, there may be settings that must be configured to optimize function isolation. For most network devices, internal information flow control is a product of system design.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text (C-SRG-NET-000187-NDM-000145_chk)
Verify the network device implements an isolation boundary to minimize the number of non-security functions included within the boundary containing security functions. If the network device does not implement an isolation boundary to minimize the number of non-security functions included within the boundary containing security functions, this is a finding.
Fix Text (F-SRG-NET-000187-NDM-000145_fix)
Configure the network device to implement an isolation boundary to minimize the number of non-security functions included within the boundary containing security functions.