The test and development environment must not have access to DoD operational networks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-39660	ENTD0210	SV-51527r1_rule	ECSC-1	Medium

Description
Systems or devices used for test data that do not meet minimum IA standards for accreditation are a risk to a DoD operational network if allowed to communicate between environments. Data that has not been fully tested and finalized for use in an operational network may cause unintended consequences, such as data loss or corruption. Unvetted data allowed into a DoD operational network from non-IA-compliant machines may also contain malicious code that could be used to steal or damage live data.

Description

Systems or devices used for test data that do not meet minimum IA standards for accreditation are a risk to a DoD operational network if allowed to communicate between environments. Data that has not been fully tested and finalized for use in an operational network may cause unintended consequences, such as data loss or corruption. Unvetted data allowed into a DoD operational network from non-IA-compliant machines may also contain malicious code that could be used to steal or damage live data.

STIG	Date
Test and Development Zone D Security Technical Implementation Guide	2018-09-17

Details

Check Text ( C-46815r1_chk )
Determine whether there are procedures in place to prohibit non-IA-compliant systems or devices from accessing any DoD operational network. If no procedure is in place to prohibit connection to any DoD operational network by non-IA-compliant systems, this is a finding.

Fix Text (F-44668r1_fix)
Prohibit non-IA-compliant systems or devices in the test and development environment from accessing any DoD operational network or live data.