Title

The test and development infrastructure must use a gateway to separate access to DoD operational networks. (Cat II impact)

Discussion

Acting as the first hop into a test and development environment, the gateway can implement proper routing and provide a first layer of defense against attacks and other unintentional compromise or spillage of sensitive information into the operational network.

Check Content

Review the network diagrams and physically check to see whether the organization has a gateway implemented for the test and development environment. If the organization has not documented or implemented a gateway for the test and development environment, this is a finding.

Fix Text

Install a gateway to separate the test and development environment from the DoD operational network. Document it in the test and development network diagrams.

Additional Identifiers

Rule ID: SV-51485r1_rule

Vulnerability ID: V-39627

Group Title: ENTD0160 - The test and development environment does have a gateway.

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.