
Tunnel entry and exit points must be in a deny-by-default security posture.


Overview

Finding ID: V-18648
Version: NET-TUNL-007
Rule ID: SV-20240r2_rule
IA Controls: ECSC-1
Severity: Medium
Description
Having tunnels in a "permit any any" posture allows traffic to enter and exit the enclave without control from the Information Assurance team or SA.
STIG: Perimeter Router Security Technical Implementation Guide Cisco
Date: 2018-02-27

Details

Check Text (C-22367r1_chk)
Follow the procedures defined in NET-TUNL-002 to determine all tunnel entry and exit points, then ensure each end-point is in a deny-by-default posture inbound and outbound.
Fix Text (F-19293r1_fix)
Apply a deny-by-default posture on every tunnel end-point.
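
One way to automate part of this check is sketched below. It is an added example, not part of the STIG or of any Cisco tooling. It assumes IOS-style running-config text in which tunnel end-points are Tunnel interfaces filtered by named extended IPv4 ACLs through `ip access-group`, and it relies on the implicit deny at the end of each ACL. The sample config, ACL names and addresses are constructed, and only a literal `permit ip any any` entry is detected.

```python
import re

PERMIT_ANY = re.compile(r"^(\d+\s+)?permit\s+ip\s+any\s+any\b")  # optional sequence number
# Constructed sample (not from the STIG): Tunnel0 is filtered both ways, Tunnel1 is not.
SAMPLE_CONFIG = """\
interface Tunnel0
 ip access-group TUN0-IN in
 ip access-group TUN0-OUT out
interface Tunnel1
 ip access-group TUN1-IN in
ip access-list extended TUN0-IN
 permit tcp host 192.0.2.10 host 198.51.100.5 eq 443
 deny ip any any log
ip access-list extended TUN0-OUT
 permit tcp host 198.51.100.5 host 192.0.2.10 established
ip access-list extended TUN1-IN
 permit ip any any
"""

def parse(config):
    """Return ({tunnel: {direction: acl_name}}, {acl_name: [entries]})."""
    tunnels, acls, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # top-level, blank or "!" line closes the block
            tun = re.match(r"interface (Tunnel\S+)$", line)
            acl = re.match(r"ip access-list extended (\S+)$", line)
            current = (tunnels.setdefault(tun.group(1), {}) if tun else
                       acls.setdefault(acl.group(1), []) if acl else None)
        elif isinstance(current, dict):
            m = re.match(r"ip access-group (\S+) (in|out)$", line)
            if m:
                current[m.group(2)] = m.group(1)
        elif isinstance(current, list):
            current.append(line)
    return tunnels, acls

def audit(config):
    """List (tunnel, direction, reason) for each endpoint that is not deny-by-default."""
    tunnels, acls = parse(config)
    findings = []
    for name, bound in sorted(tunnels.items()):
        for direction in ("in", "out"):
            entries = acls.get(bound.get(direction))
            if not entries:  # nothing bound, or the bound ACL is missing or empty
                findings.append((name, direction, "no populated ACL applied"))
            elif any(PERMIT_ANY.match(e) for e in entries):
                findings.append((name, direction, f"{bound[direction]} permits ip any any"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports Tunnel1 in both directions and nothing for Tunnel0. A clean result still needs the manual review of each permit entry that the check text calls for.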