
Tunnel entry and exit points must be in a deny-by-default security posture.


Overview

Finding ID: V-18648
Version: NET-TUNL-007
Rule ID: SV-20240r2_rule
IA Controls: ECSC-1
Severity: Medium
Description
Having tunnels in a permit any any posture allows traffic to enter and exit the enclave without control from the Information Assurance team or SA.
STIG: Perimeter L3 Switch Security Technical Implementation Guide - Cisco
Date: 2017-03-09

Details

Check Text (C-22367r1_chk)
Follow the procedures defined in NET-TUNL-002 to determine all tunnel entry and exit points, then ensure each end-point is in a deny by default posture inbound and outbound.
Fix Text (F-19293r1_fix)
Apply a deny by default posture on every tunnel end-point.
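
One way to automate part of the check above, as an added example that is not part of the STIG: a Python audit of a saved Cisco IOS-style configuration that flags Tunnel interfaces with no ACL applied in a direction, or with an ACL that is undefined or contains permit ip any any. It assumes the tunnel end-points appear as Tunnel interfaces filtered with ip access-group and named extended ACLs (which end in an implicit deny); the sample configuration and ACL names are constructed, and the NET-TUNL-002 discovery procedure is not covered.

```python
import re

# Constructed sample configuration (not from the STIG); names are illustrative.
SAMPLE = """\
interface Tunnel0
 ip access-group TUN0-IN in
 ip access-group TUN0-OUT out
!
interface Tunnel1
 ip access-group TUN1-IN in
!
ip access-list extended TUN0-IN
 permit tcp host 10.0.0.2 host 10.2.0.5 eq 22
 deny ip any any log
ip access-list extended TUN0-OUT
 permit ip any any
ip access-list extended TUN1-IN
 permit tcp 10.1.0.0 0.0.0.255 host 10.2.0.5 eq 443
"""

def audit_tunnels(config):
    """Return {tunnel: [findings]} for tunnels that are not deny-by-default."""
    tunnels, acls, section = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (Tunnel\S+)", line):
            section = tunnels.setdefault(m.group(1), {})   # direction -> ACL name
        elif m := re.match(r"ip access-list extended (\S+)", line):
            section = acls.setdefault(m.group(1), [])      # list of ACL entries
        elif not line.startswith(" "):
            section = None                                 # any other top-level line
        elif isinstance(section, dict) and (m := re.match(r" ip access-group (\S+) (in|out)", line)):
            section[m.group(2)] = m.group(1)
        elif isinstance(section, list):
            section.append(line.strip())
    findings = {}
    for name, bound in tunnels.items():
        issues = []
        for direction in ("in", "out"):
            acl = bound.get(direction)
            if acl is None:
                issues.append(f"no ACL applied {direction}")
            elif acl not in acls:
                issues.append(f"ACL {acl} ({direction}) is not defined")
            elif any(re.match(r"permit ip any any\b", e) for e in acls[acl]):
                issues.append(f"ACL {acl} ({direction}) permits ip any any")
        if issues:
            findings[name] = issues
    return findings
```
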