UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Remote management access and SNMP access and reporting are not restricted by IP address and/or subnet.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17704 RTS-VTC 3160.00 SV-18878r2_rule DCBP-1 ECSC-1 Medium
Description
In any network device management system, it is best practice to limit the IP address or addresses from which a network attached device can be accessed and to which device status information can be sent.
STIG Date
Video Services Policy STIG 2018-09-19

Details

Check Text ( C-18974r1_chk )
[IP]; Interview the IAO and validate compliance with the following requirement:

If the VTU is connected to an IP based LAN, ensure remote management access (administrator and management system/server/application) and SNMP access and reporting is restricted by IP address and/or subnet.

Determine what IP addresses or subnets are authorized to send VTC system/device “Remote Control/Management/Configuration” messages and what IP addresses or subnets are authorized to receive monitoring or status messages from the VTC system/device. Have the SA demonstrate how the VTC system/device is configured to restrict “Remote Control/Management/Configuration” messages to and from these authorized IP addresses or subnets. This is a finding if there is no limitation on either sending or receiving these messages.

Note: During APL testing, this is a finding in the event the VTC system/devoice does not support the limiting of all management traffic to authorized IP addresses or subnets.
Fix Text (F-17601r1_fix)
[IP]; Perform the following tasks:
Configure the VTC system/device to restrict The source and/or destination of VTC system/device “Remote Control/Management/Configuration” and monitoring/status traffic to/from authorized IP addresses or subnets.