UCF STIG Viewer Logo

Tunneling of classified traffic across an unclassified IP transport network or service provider backbone must be documented in the enclaves security authorization package and an Approval to Connect (ATC), or an Interim ATC must be issued by DISA prior to implementation.


Overview

Finding ID Version Rule ID IA Controls Severity
V-14738 NET-TUNL-028 SV-15494r3_rule Medium
Description
CJCSI 6211.02D instruction establishes policy and responsibilities for the connection of any information systems to the Defense Information Systems Network (DISN) provided transport. Enclosure E mandates that the CC/S/A document all IP tunnels transporting classified communication traffic in the enclave’s security authorization package prior to implementation. An ATC or IATC amending the current connection approval must be in place prior to implementation.
STIG Date
Network Infrastructure Policy Security Technical Implementation Guide 2019-03-12

Details

Check Text ( C-12960r2_chk )
Review the enclave's security authorization package and the ATC or Interim ATC amending the connection approval received.

If the tunneling of classified traffic is not documented in the security authorization package and an ATC or Interim ATC, this is a finding.
Fix Text (F-14204r2_fix)
Document the tunneling of classified traffic in the security authorization package and the ATC or Interim ATC.