UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000189-NDM-000146 SRG-NET-000189-NDM-000146 SRG-NET-000189-NDM-000146_rule Medium
Description
The network device must be designed and configured to implement security functions as a layered structure. An isolation boundary, using separate partitions and domains, must be used to minimize interactions between layers of the design. The lower layers of the design should not depend upon the upper layers. If one layer experiences an error in functionality or security, this should not impact the function of the remaining layers. This layered design minimizes the risk of leakage or corruption of privileged information. This control is normally a function of the network device application design and is usually not a configurable setting; however, in some applications, there may be settings that must be configured to optimize function isolation.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000189-NDM-000146_chk )
Verify the network device implements security functions as a layered structure minimizing interactions between layers of the design and avoiding and dependence by lower layers on the functionality or correctness of higher layers. If the network device does not implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers, this is a finding.
Fix Text (F-SRG-NET-000189-NDM-000146_fix)
Configure the network device to implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality of correctness of higher layers.