The router must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including NSA configuration guides, Communications Tasking Orders (CTOs), and Directive-Type Memorandums (DTMs).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-55791	SRG-NET-000512-RTR-000113	SV-70045r1_rule		Medium

Description
If the router does not follow established security guidance, it is likely that it is not adequately secured, which increases the risk. Configuring the router to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. Common secure configurations (also referred to as security configuration checklists, lockdown and hardening guides, security reference guides, security technical implementation guides) provide recognized, standardized, and established benchmarks that stipulate secure configuration settings for specific information technology platforms/products and instructions for configuring those information system components to meet operational requirements. Typically, an equipment vendor provides their product on an appliance with an embedded operating system (either a modified version of a common operating system or a proprietary operating system) and other application and/or database code. To minimize risk, a router must use a secure or hardened platform and comply with all applicable configuration guidance.

Description

If the router does not follow established security guidance, it is likely that it is not adequately secured, which increases the risk. Configuring the router to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. Common secure configurations (also referred to as security configuration checklists, lockdown and hardening guides, security reference guides, security technical implementation guides) provide recognized, standardized, and established benchmarks that stipulate secure configuration settings for specific information technology platforms/products and instructions for configuring those information system components to meet operational requirements. Typically, an equipment vendor provides their product on an appliance with an embedded operating system (either a modified version of a common operating system or a proprietary operating system) and other application and/or database code. To minimize risk, a router must use a secure or hardened platform and comply with all applicable configuration guidance.

STIG	Date
Router Security Requirements Guide	2016-07-01

Details

Check Text ( C-56359r1_chk )
Review the configuration of the router and verify that it is configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance. This may involve interviewing the System Administrators, ISSM or personnel designated by the ISSM, and the program's Configuration Management personnel. If it is not configured in accordance with DoD security configuration or implementation guidance, this is a finding.

Check Text ( C-56359r1_chk )

Review the configuration of the router and verify that it is configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance. This may involve interviewing the System Administrators, ISSM or personnel designated by the ISSM, and the program's Configuration Management personnel.

If it is not configured in accordance with DoD security configuration or implementation guidance, this is a finding.

Fix Text (F-60663r1_fix)
Configure the router in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including NSA configuration guides, CTOs, and DTMs. Follow local change management processes when implementing configuration changes.