
SDN Controller Security Requirements Guide


Overview

Date: 2024-05-28
Finding Count (34): CAT I (High): 6, CAT II (Med): 28, CAT III (Low): 0
STIG Description
This Security Requirements Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-206728 High The SDN controller must be configured to authenticate southbound Application Program Interface (API) control-plane messages received from SDN-enabled network elements using a FIPS-approved message authentication code algorithm.
V-206729 High The SDN controller must be configured to authenticate northbound Application Program Interface (API) messages received from business applications and management systems using a FIPS-approved message authentication code algorithm.
V-206731 High The SDN controller must be configured to encrypt all northbound Application Program Interface (API) messages using a FIPS-validated cryptographic module.
V-206730 High The SDN controller must be configured to encrypt all southbound Application Program Interface (API) control-plane messages using a FIPS-validated cryptographic module.
V-206733 High The SDN controller must be configured to encrypt all southbound Application Program Interface (API) management-plane messages using a FIPS-validated cryptographic module.
V-206732 High The SDN controller must be configured to authenticate received southbound Application Program Interface (API) management-plane messages using a FIPS-approved message authentication code algorithm.
V-206722 Medium The SDN controller must be configured to generate audit records containing information that establishes the identity of any individual or process associated with the event.
V-206723 Medium The SDN controller must be configured to disable non-essential capabilities.
V-206720 Medium The SDN controller must be configured to produce audit records containing information to establish the source of the events.
V-206721 Medium The SDN controller must be configured to produce audit records containing information to establish the outcome of the events.
V-206726 Medium The SDN controller must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by rate-limiting control-plane communications.
V-206727 Medium The SDN controller must be configured to only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.
V-206724 Medium The SDN controller must be configured to enforce a policy to manage bandwidth and to limit the effects of a packet-flooding Denial of Service (DoS) attack.
V-206725 Medium The SDN controllers must be configured as a cluster in active/active or active/passive mode to preserve any information necessary to determine cause of a system failure and to maintain network operations with least disruption to workload processes and flows.
V-206740 Medium The SDN controller must be configured to generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
V-206741 Medium The SDN controller must be configured to notify the ISSO and ISSM of failed verification tests for organization-defined security functions.
V-206742 Medium The SDN controller must be configured to prohibit user installation of software without explicit privileged status.
V-206743 Medium The SDN controller must be configured to enforce access restrictions associated with changes to the configuration.
V-206744 Medium The SDN controller must be configured to audit the enforcement actions used to restrict access associated with changes to any application within the SDN framework.
V-216509 Medium The SDN controller must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.
V-206719 Medium The SDN controller must be configured to produce audit records containing information to establish where the events occurred.
V-206718 Medium The SDN controller must be configured to produce audit records containing information to establish when the events occurred.
V-206735 Medium The SDN Controller must be configured to notify the forwarding device to either drop the packet or make an entry in the flow table for a received packet that does not match any flow table entries.
V-206734 Medium The SDN controller must be configured to be deployed as a cluster and on separate physical hosts.
V-206737 Medium The SDN controller must be configured to enable multi-tenant virtual networks to be fully isolated from one another.
V-206736 Medium SDN controller must be configured to forward traffic based on security requirements.
V-264313 Medium The SDN controller must be configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.
V-264312 Medium The SDN controller must be configured to employ organization-defined controls by type of denial of service (DoS) to achieve the DoS objective.
V-206717 Medium The SDN controller must be configured to produce audit records containing information to establish what type of events occurred.
V-206716 Medium The SDN controller must be configured to enforce approved authorizations for controlling the flow of traffic within the network based on organization-defined information flow control policies.
V-206715 Medium The SDN controller must be configured to enforce approved authorizations for access to system resources in accordance with applicable access control policies.
V-206739 Medium The SDN controller must be configured to isolate security functions from non-security functions.
V-206738 Medium The SDN controller must be configured to separate tenant functionality from system management functionality.
V-264314 Medium The SDN controller must be configured to establish organization-defined alternate communications paths for system operations organizational command and control.