Check: APSC-DV-003350
Application Security and Development STIG: APSC-DV-003350 (in versions v5 r3 through v4 r2)
Title
Connections between the DoD enclave and the Internet or other public or commercial wide area networks must require a DMZ. (Cat II impact)
Discussion
In order to protect DoD data and systems, all remote access to DoD information systems must be mediated through a managed access control point, such as a remote access server in a DMZ.
Check Content
Interview the application representative and determine if the application is publicly accessible. If the application is publicly accessible and traffic is not being routed through a DMZ, this is a finding.
Fix Text
Set up a DMZ between DoD and public networks.
Additional Identifiers
Rule ID: SV-222671r879887_rule
Vulnerability ID: V-222671
Group Title: SRG-APP-000516
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-001119 | The organization isolates organization-defined information security tools, mechanisms, and support components from other internal information system components by implementing physically separate subnetworks with managed interfaces to other components of the system. |