Remote access into the test and development environment must originate from a non-DoD operational network segment.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-39670	ENTD0310	SV-51537r1_rule	ECSC-1	Medium

Description
If remote access is needed to access the test and development environment, it must be originated from a non-DoD operational network segment. Examples of this are a virtual machine located on government-furnished equipment used for operational tasks, or a separate physical machine sitting in a separate network segment or VLAN. Keeping direct access off the DoD operational network will reduce the risk of test and development data being leaked, potentially damaging or compromising live data.

Description

If remote access is needed to access the test and development environment, it must be originated from a non-DoD operational network segment. Examples of this are a virtual machine located on government-furnished equipment used for operational tasks, or a separate physical machine sitting in a separate network segment or VLAN. Keeping direct access off the DoD operational network will reduce the risk of test and development data being leaked, potentially damaging or compromising live data.

STIG	Date
Test and Development Zone D Security Technical Implementation Guide	2018-09-17

Details

Check Text ( C-46825r1_chk )
Determine whether remote access to the test and development environment from any DoD operational network segment has been prohibited. If no procedures exist to prohibit remote access to the test and development environment from any DoD operational network, this is a finding.

Fix Text (F-44678r1_fix)
Prohibit remote access from DoD operational networks.