Title

Virtual machines used for application development and testing must not share the same physical host with DoD operational virtual machines. (Cat II impact)

Discussion

Attacks on virtual machines from other VMs through denial of service and other attacks potentially stealing sensitive data such as source code used in application development. It is imperative to keep DoD operational virtual machines on physically separate platforms from test and development virtual machines.

Check Content

Review the system plan to determine whether physical hosts are sharing DoD operational and test and development virtual machines.

Fix Text

Engineer a solution to use separate physical hosts for DoD operational and T&D virtual machines.

Additional Identifiers

Rule ID: SV-51539r1_rule

Vulnerability ID: V-39672

Group Title: ENTD0330 - Operational along with test and developments VMs share same host.

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.