Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-28784 | NET0405 | SV-36774r4_rule | ECSC-1 | Medium |
Description |
---|
Call home services or features will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. The risk that transmission of sensitive data sent to unauthorized persons could result in data loss or downtime due to an attack. |
STIG | Date |
---|---|
WLAN Access Point (Enclave-NIPRNet Connected) Security Technical Implementation Guide (STIG) | 2016-01-07 |
Check Text ( C-35853r3_chk ) |
---|
Review the device configuration to determine if the call home service or feature is disabled on the device. If the call home service is enabled on the device, this is a finding. |
Fix Text (F-31103r1_fix) |
---|
Configure the network device to disable the call home service or feature. |