VMware NSX-T Tier 1 Gateway Firewall Security Technical Implementation Guide


Overview

Date: 2022-03-10
Finding Count: 10 (CAT I (High): 1, CAT II (Med): 8, CAT III (Low): 1)
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Findings (MAC III - Administrative Sensitive)

Finding ID | Severity | Title
V-251760 | High | The NSX-T Tier-1 Gateway Firewall must not have any unpublished firewall policies or rules.
V-251768 | Medium | The NSX-T Tier-1 Gateway Firewall must apply ingress filters to traffic that is inbound to the network through any active external interface.
V-251769 | Medium | The NSX-T Tier-1 Gateway Firewall must configure SpoofGuard to block outbound IP packets that contain illegitimate packet attributes.
V-251766 | Medium | The NSX-T Tier-1 Gateway Firewall must be configured to send traffic log entries to a central audit server for management and configuration of the traffic log entries.
V-251767 | Medium | The NSX-T Tier-1 Gateway Firewall must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning.
V-251764 | Medium | The NSX-T Tier-1 Gateway Firewall must block outbound traffic containing denial-of-service (DoS) attacks to protect against the use of internal information systems to launch any DoS attacks against other networks or endpoints.
V-251765 | Medium | The NSX-T Tier-1 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
V-251763 | Medium | Each NSX-T Edge Node configured to host a Tier-1 Gateway Firewall must be configured to use the TLS or LI-TLS protocols to configure and secure traffic log records.
V-251761 | Medium | The NSX-T Tier-1 Gateway Firewall must generate traffic log entries containing information to establish what type of events occurred.
V-251762 | Low | The NSX-T Distributed Firewall must generate traffic log entries containing information to establish the details of the event.