
The site has not configured the Sun Ray server in the PNP database.


Overview

Finding ID: V-16418
Version: SUN0360
Rule ID: SV-17414r1_rule
IA Controls: DCPP-1
Severity: Medium
Description
DoDI 8550.1 Ports, Protocols, and Services Management (PPSM) is the DoD’s policy on IP Ports, Protocols, and Services (PPS). It controls the PPS that are permitted or approved to cross DoD network boundaries. Standard well known and registered IP ports and associated protocols and services are assessed for vulnerabilities and threats to the entire Global Information Grid (GIG) which includes the DISN backbone networks. The results are published in a Vulnerability Assessment (VA) report. Each port and protocol is given a rating of green, yellow, orange, or red in association with each of the 16 defined boundary types. Green means the protocol is relatively secure and is approved to cross the associated boundary without restrictions. Yellow means the protocol has security issues that must be mitigated to be used. Red means that the protocol is prohibited due to vulnerabilities that cannot be mitigated or approved, and is banned when crossing that boundary. The orange category requires DSAWG approval if the protocol exists and is necessary on the network. However, the orange category mandates that new systems and applications must not be developed using this protocol whether it crosses a boundary or not. The PPS Assurance Categories Assignment List (CAL) contains information regarding the assessed ports and protocols and defined boundaries, which is updated on a monthly basis. The PPSM information is available on the IASE and DKO/DoD IA Portal web sites. A portion of the DoDI 8550.1 PPS policy requires registration of those PPS that cross any of the boundaries defined by the policy that are “visible to DoD-managed components”. Therefore, to comply with the policy and ensure that protocols and ports are acceptable, Sun Ray servers will be registered as automated information systems (AIS) with their associated TCP or UDP ports in the DoD Ports and Protocol Registration System.
STIG Date
Sun Ray 4 Policy STIG 2015-04-02

Details

Check Text (C-17303r1_chk)
If either inbound or outbound traffic to the Sun Ray server is leaving the local enclave, verify that the server has been registered in the Ports and Protocols (PNP) database (https://pnp.cert.smil.mil) for the site. If it is not registered, this is a finding. If the traffic is completely contained within the local enclave, this requirement does not apply.
Fix Text (F-16444r1_fix)
Register all Sun Ray traffic that is leaving the local enclave in the PNP database for the site.