Remote management access and SNMP access and reporting are not restricted by IP address and/or subnet.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-17704 | RTS-VTC 3160.00 | SV-18878r2_rule | DCBP-1 ECSC-1 | Medium |
| Description |
|---|
| In any network device management system, it is best practice to limit the IP address or addresses from which a network attached device can be accessed and to which device status information can be sent. |
| STIG | Date |
|---|---|
| Video Services Policy STIG | 2020-02-25 |
Details
| Check Text ( C-18974r1_chk ) |
|---|
| [IP]; Interview the IAO and validate compliance with the following requirement: If the VTU is connected to an IP based LAN, ensure remote management access (administrator and management system/server/application) and SNMP access and reporting is restricted by IP address and/or subnet. Determine what IP addresses or subnets are authorized to send VTC system/device “Remote Control/Management/Configuration” messages and what IP addresses or subnets are authorized to receive monitoring or status messages from the VTC system/device. Have the SA demonstrate how the VTC system/device is configured to restrict “Remote Control/Management/Configuration” messages to and from these authorized IP addresses or subnets. This is a finding if there is no limitation on either sending or receiving these messages. Note: During APL testing, this is a finding in the event the VTC system/devoice does not support the limiting of all management traffic to authorized IP addresses or subnets. |
| Fix Text (F-17601r1_fix) |
|---|
| [IP]; Perform the following tasks: Configure the VTC system/device to restrict The source and/or destination of VTC system/device “Remote Control/Management/Configuration” and monitoring/status traffic to/from authorized IP addresses or subnets. |