Check: ENTD0250
Test and Development Zone A STIG:
ENTD0250
(in versions v1 r6 through v1 r3)
Title
Access control lists between the test and development environments must be in a deny-by-default posture. (Cat II impact)
Discussion
To prevent malicious or accidental leakage of traffic, organizations must implement a deny-by-default security posture between test and development environments. All ingress and egress traffic not explicitly permitted between test and development environments must be denied. Such rule sets prevent many malicious exploits or accidental leakage by regulating the ports, protocols, or services necessary to each environment.
Check Content
Determine whether a deny-by-default security posture has been implemented for both ingress and egress traffic between the test and development environments. If the organization is not using a deny-by-default security posture for traffic between the test and development environments, this is a finding.
Fix Text
Implement a deny-by-default security posture for both ingress and egress traffic between test and development environments.
Additional Identifiers
Rule ID: SV-51531r1_rule
Vulnerability ID: V-39664
Group Title: ENTD0250 - Access control lists not in deny-by-default security posture.
Expert Comments
CCIs
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check |