Check: SRG-NET-000205-CLD-000080
Cloud Computing Mission Owner SRG:
SRG-NET-000205-CLD-000080
(in version v1 r0.1)
Title
The IaaS/PaaS must be configured to maintain separation of all management and data traffic. (Cat II impact)
Discussion
The Virtual Datacenter Management system provides a management plane for privileged access and communications. Separation of management and user traffic, including access to the Customer Portal, is provided to the DOD Mission Owner by the CSP for the purpose of provisioning and configuring cloud service offerings. Service endpoints for Application Programming Interfaces (APIs) and Command Line Interfaces (CLIs) are also available as part of the Customer Portal network. These systems can be accessed through the internet by DOD privileged users only (e.g., DOD system and network administrators).
Check Content
Applies to all impact levels. Verify the IaaS/PaaS is configured to maintain logical separation of all management and data traffic. If the IaaS/PaaS does not maintain separation of all management and data traffic, this is a finding.
Fix Text
This applies to all impact levels and to the FedRAMP Moderate and High baselines. Configure the IaaS/PaaS to maintain separation of all management and data traffic.
Additional Identifiers
Rule ID: SRG-NET-000205-CLD-000080_rule
Vulnerability ID: SRG-NET-000205-CLD-000080
Group Title: SRG-NET-000205-CLD-000080
Expert Comments
CCIs
Number | Definition
---|---
CCI-001097 | The information system monitors and controls communications at the external boundary of the information system and at key internal boundaries within the system.
Controls
Number | Title
---|---
SC-7 | Boundary Protection