Title

The test and development infrastructure must use a DMZ to import and export data between test and development environments and DoD operational networks. (Cat II impact)

Discussion

Most systems that reside in the test and development environment require external access using a DoD network as the transport mechanism. Logical access control mechanisms, such as strictly controlled ACLs for both ingress and egress traffic, must be utilized at the environment boundary. The permissible activities for test and development environments include, but are not limited to, user functional acceptance of a product, final stage testing, and development. Downloading software from the Internet is acceptable for the environment; however, establish a DMZ for such purposes.

Check Content

Determine whether there is a DMZ properly configured for traffic entering and leaving the test and development environment. If a DMZ for traffic entering and leaving the test and development environment is not implemented, this is a finding.

Fix Text

Configure and implement a DMZ for traffic entering and leaving the test and development environment.

Additional Identifiers

Rule ID: SV-51525r1_rule

Vulnerability ID: V-39658

Group Title: ENTD0190 - Data is not transported through a DMZ.

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.