| V-80785 | High | The SDN controller must be configured to encrypt all southbound Application Program Interface (API) control-plane messages using a FIPS-validated cryptographic module. | Southbound APIs such as OpenFlow provide the forwarding tables to network devices, such as switches and routers, both physical and virtual (hypervisor-based). The SDN controllers use the concept... |
| V-80787 | High | The SDN controller must be configured to encrypt all northbound Application Program Interface (API) messages using a FIPS-validated cryptographic module. | The SDN controller receives network service requests from orchestration and management systems to deploy and configure network elements via the northbound API. In turn, the northbound API presents... |
| V-80791 | High | The SDN controller must be configured to encrypt all southbound Application Program Interface (API) management-plane messages using a FIPS-validated cryptographic module. | An SDN controller can manage and configure SDN-enabled devices using protocols such as SNMP and NETCONF. If an SDN-aware router or switch received erroneous configuration information that was... |
| V-80781 | High | The SDN controller must be configured to authenticate southbound Application Program Interface (API) control-plane messages received from SDN-enabled network elements using a FIPS-approved message authentication code algorithm. | Southbound APIs such as OpenFlow provide the forwarding tables to network devices, such as switches and routers, both physical and virtual (hypervisor-based). The SDN controllers use the concept... |
| V-80789 | High | The SDN controller must be configured to authenticate received southbound Application Program Interface (API) management-plane messages using a FIPS-approved message authentication code algorithm. | The SDN controller can receive management-plane traffic from the SDN-enabled devices that it monitors and manages. The messages could be responses from SNMP get requests as well as SNMP... |
| V-80783 | High | The SDN controller must be configured to authenticate northbound Application Program Interface (API) messages received from business applications and management systems using a FIPS-approved message authentication code algorithm. | The SDN controller determines how traffic should flow through physical and virtual network devices based on application profiles, network infrastructure resources, security policies, and business... |
| V-80773 | Medium | The SDN controller must be configured to enforce a policy to manage bandwidth and to limit the effects of a packet-flooding Denial of Service (DoS) attack. | A network element experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU caused by a DoS attack will also have an effect on control keep-alives... |
| V-80799 | Medium | The SDN controller must be configured to enable multi-tenant virtual networks to be fully isolated from one another. | Network-as-a-Service (NaaS) is often implemented in a multi-tenant paradigm, where customers share network infrastructure and services while they are logically isolated from each other. SDN... |
| V-80777 | Medium | The SDN controller must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by rate-limiting control-plane communications. | The SDN Controller is critical to all network operations because it is the component used to build all forwarding paths for the data plane via control-plane processes. It is also instrumental with... |
| V-80811 | Medium | The SDN controller must be configured to enforce access restrictions associated with changes to the configuration. | Failure to provide logical access restrictions associated with changes to application configuration may have significant effects on the overall security of the system.
When dealing with access... |
| V-80769 | Medium | The SDN controller must be configured to generate audit records containing information that establishes the identity of any individual or process associated with the event. | Without information that establishes the identity of the subjects (i.e., users or processes acting on behalf of users) associated with the events, security personnel cannot determine... |
| V-80767 | Medium | The SDN controller must be configured to produce audit records containing information to establish the outcome of the events. | Without information about the outcome of events, security personnel cannot make an accurate assessment as to whether an attack was successful or if changes were made to the security state of the... |
| V-80765 | Medium | The SDN controller must be configured to produce audit records containing information to establish the source of the events. | Without establishing the source of the event, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. In order to compile an accurate risk... |
| V-80813 | Medium | The SDN controller must be configured to audit the enforcement actions used to restrict access associated with changes to any application within the SDN framework. | Without auditing the enforcement of access restrictions against changes to any application within the SDN framework, it will be difficult to identify attempted attacks and an audit trail will not... |
| V-80797 | Medium | SDN controller must be configured to forward traffic based on security requirements. | For security reasons, an organization may choose to have traffic that is inbound to a server go through a specific firewall. In order not to consume the resources of the firewall with clean... |
| V-100101 | Medium | The SDN controller must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs. | Configuring the network device to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
| V-80775 | Medium | The SDN controllers must be configured as a cluster in active/active or active/passive mode to preserve any information necessary to determine cause of a system failure and to maintain network operations with least disruption to workload processes and flows. | Failure in a known state can address safety or security in accordance with the mission needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality,... |
| V-80771 | Medium | The SDN controller must be configured to disable non-essential capabilities. | It is detrimental for network elements to provide, or enable by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked... |
| V-80757 | Medium | The SDN controller must be configured to enforce approved authorizations for controlling the flow of traffic within the network based on organization-defined information flow control policies. | Unrestricted traffic may contain malicious traffic which poses a threat to an enclave or data center. Additionally, unrestricted traffic may transit a network consuming bandwidth and network node... |
| V-80755 | Medium | The SDN controller must be configured to enforce approved authorizations for access to system resources in accordance with applicable access control policies. | To mitigate the risk of unauthorized access to system resources within the SDN framework, authorization procedures and controls must be implemented to ensure each authenticated entity also has a... |
| V-80761 | Medium | The SDN controller must be configured to produce audit records containing information to establish when the events occurred. | Without establishing when events occurred, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. In order to compile an accurate risk assessment,... |
| V-80763 | Medium | The SDN controller must be configured to produce audit records containing information to establish where the events occurred. | Without establishing where events occurred, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. In order to compile an accurate risk assessment,... |
| V-80759 | Medium | The SDN controller must be configured to produce audit records containing information to establish what type of events occurred. | Without establishing what type of event occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack. Audit record content that may be... |
| V-80793 | Medium | The SDN controller must be configured to be deployed as a cluster and on separate physical hosts. | SDN relies heavily on control messages between a controller and the forwarding devices for network convergence. The controller uses node and link state discovery information to calculate and... |
| V-80809 | Medium | The SDN controller must be configured to prohibit user installation of software without explicit privileged status. | Allowing regular users to install software, without explicit privileges, creates the risk that untested or potentially malicious software will be installed on the system. Explicit privileges... |
| V-80779 | Medium | The SDN controller must be configured to only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations. | Unrestricted traffic may contain malicious traffic which poses a threat to an enclave or data center. Additionally, unrestricted traffic may transit a network consuming bandwidth and network node... |
| V-80795 | Medium | The SDN Controller must be configured to notify the forwarding device to either drop the packet or make an entry in the flow table for a received packet that does not match any flow table entries. | Reactive flow setup occurs when the SDN-aware switch receives a packet that does not match the flow table entries and hence the switch has to send the packet to the controller for processing. Once... |
| V-80803 | Medium | The SDN controller must be configured to isolate security functions from non-security functions. | An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform security functions.
Security functions are the hardware, software,... |
| V-80801 | Medium | The SDN controller must be configured to separate tenant functionality from system management functionality. | Network-as-a-Service (NaaS) is frequently offered in a multi-tenant paradigm, where customers share network infrastructure. SDN provides an approach to the provisioning of virtual network services... |
| V-80807 | Medium | The SDN controller must be configured to notify the ISSO and ISSM of failed verification tests for organization-defined security functions. | If personnel are not notified of failed security verification tests, they will not be able to take corrective action and the unsecure condition(s) will remain.
Security function is defined as... |
| V-80805 | Medium | The SDN controller must be configured to generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | Providing too much information in error messages on the screen or printout risks compromising the data and security of the SDN controller. The structure and content of error messages need to be... |
