Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000189-NDM-000146 | SRG-NET-000189-NDM-000146 | SRG-NET-000189-NDM-000146_rule | Medium |
Description |
---|
The network device must be designed and configured to implement security functions as a layered structure. An isolation boundary, using separate partitions and domains, must be used to minimize interactions between layers of the design. The lower layers of the design should not depend upon the upper layers. If one layer experiences an error in functionality or security, this should not impact the function of the remaining layers. This layered design minimizes the risk of leakage or corruption of privileged information. This control is normally a function of the network device application design and is usually not a configurable setting; however, in some applications, there may be settings that must be configured to optimize function isolation. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2013-07-30 |
Check Text ( C-SRG-NET-000189-NDM-000146_chk ) |
---|
Verify the network device implements security functions as a layered structure minimizing interactions between layers of the design and avoiding and dependence by lower layers on the functionality or correctness of higher layers. If the network device does not implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers, this is a finding. |
Fix Text (F-SRG-NET-000189-NDM-000146_fix) |
---|
Configure the network device to implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality of correctness of higher layers. |