UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

SDN controller must be configured to forward traffic based on security requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-80797 SRG-NET-000512-SDN-001060 SV-95507r1_rule Medium
Description
For security reasons, an organization may choose to have traffic that is inbound to a server go through a specific firewall. In order not to consume the resources of the firewall with clean traffic, the organization may want to choose to redirect the traffic that is outbound from the server to not go through the firewall. Today, zero-trust models are being implemented within the data center; applications and workloads trust no other workload; hence, connectivity between them is not allowed unless explicitly authorized. Each application or workload can have its own security policies. With the advent of cloud networking and multi-tenancy, security policies have evolved to be more workload and application-centric (for example, what type of application, who the tenant is, and which tier of the application is being protected). The SDN Controller must enforce these policies by controlling the forwarding of packets to specific destinations for specific workloads based on the rules provided within the policies.
STIG Date
SDN Controller Security Requirements Guide 2020-03-06

Details

Check Text ( C-80533r1_chk )
Review the SDN controller configuration to determine if it is configured to forward traffic based on security requirements that have been provided from a security service or policy engine via the northbound API.

If the SDN Controller is not configured to forward traffic based on security requirements, this is a finding.
Fix Text (F-87651r1_fix)
Configure the SDN controller to forward traffic based on security requirements.