Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39670 | ENTD0310 | SV-51537r1_rule | ECSC-1 | Medium |
Description |
---|
If remote access is needed to access the test and development environment, it must be originated from a non-DoD operational network segment. Examples of this are a virtual machine located on government-furnished equipment used for operational tasks, or a separate physical machine sitting in a separate network segment or VLAN. Keeping direct access off the DoD operational network will reduce the risk of test and development data being leaked, potentially damaging or compromising live data. |
STIG | Date |
---|---|
Test and Development Zone D Security Technical Implementation Guide | 2018-09-17 |
Check Text ( C-46825r1_chk ) |
---|
Determine whether remote access to the test and development environment from any DoD operational network segment has been prohibited. If no procedures exist to prohibit remote access to the test and development environment from any DoD operational network, this is a finding. |
Fix Text (F-44678r1_fix) |
---|
Prohibit remote access from DoD operational networks. |