Installation of operating systems on systems and devices in the test and development environment must be logically separated to prohibit access to any operational network.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-39671 | ENTD0320 | SV-51538r1_rule | ECSC-1 | Low |
| Description |
|---|
| Systems are most vulnerable to attack during the installation of an operating system because no security controls have been put in place to protect the system. It is very important to block all access to a system while the operating system is being installed and configured until such time that security controls can be implemented. |
| STIG | Date |
|---|---|
| Test and Development Zone A Security Technical Implementation Guide | 2015-12-17 |
Details
| Check Text ( C-46826r1_chk ) |
|---|
| Determine whether the organization has a connection approval policy on the installation of operating systems within the test and development environment. The policy must include either physically disconnecting or blocking the system at the firewall in order to achieve complete isolation from any network traffic. If no connection approval policy has been developed, this is a finding. |
| Fix Text (F-44679r1_fix) |
|---|
| Create a policy to ensure the test or development system is physically disconnected or blocked at the firewall from any external network during the installation of an operating system. |