Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39659 | ENTD0200 | SV-51526r2_rule | High |
Description |
---|
Systems found in the Zone D test and development environment are typically non-IA-compliant test systems that include hardware, software, or development systems. These systems typically do not follow the appropriate best security practices. Therefore, if they are connected to any operational network, it is possible to infect live data or degrade infrastructure in an operational network. |
STIG | Date |
---|---|
Test and Development Zone D Security Technical Implementation Guide | 2018-09-17 |
Check Text ( C-46814r3_chk ) |
---|
Review the organization's network diagrams for the Zone D test and development environment and work with the network reviewer to determine whether the environment is physically separate and isolated from any DoD operational network. If physical separation or isolation is not shown for the Zone D test and development environment on the network diagrams, this is a finding. |
Fix Text (F-44667r3_fix) |
---|
Physically separate and isolate the Zone D test and development environment from any DoD operational network. |