Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
A deny-by-default security posture must be implemented for traffic entering and leaving the enclave.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-11796 | NET0369 | SV-12294r4_rule | High |
| Description |
|---|
| To prevent malicious or accidental leakage of traffic, organizations must implement a deny-by-default security posture at the network perimeter. Such rulesets prevent many malicious exploits or accidental leakage by restricting the traffic to only known sources and only those ports, protocols, or services that are permitted and operationally necessary. Applications, protocols, TCP/UDP ports, and endpoints (specific hosts or networks) are identified and used to develop rulesets and access control lists to restrict traffic to and from an enclave. Rules or access control statements containing "any" for either the host, destination, protocol, or port are prohibited. |
| STIG | Date |
|---|---|
| Network Infrastructure Policy Security Technical Implementation Guide | 2016-12-22 |
Details
| Check Text ( C-7782r8_chk ) |
|---|
| Determine if a deny-by-default security posture has been implemented for both inbound and outbound traffic on the perimeter router or firewall. If a deny-by-default security posture has not been implemented at the network perimeter, this is a finding. |
| Fix Text (F-11043r6_fix) |
|---|
| Implement a deny-by-default security posture on either the enclave perimeter router or firewall. |