Check: ENTD0260
Test and Development Zone C STIG: ENTD0260 (in versions v1 r6 through v1 r3)
Title
Tunneling mechanisms must be used for data transmission between interconnected organizations. (Cat I impact)
Discussion
Using tunnels prevents data shared between interconnecting sites from leaking onto untrusted networks. These mechanisms are vital for transit over an untrusted network so that sensitive information is not accidentally leaked onto the DISN or a non-DoD network. Typical tunnel mechanisms found in use today include, but are not limited to, IPsec, MPLS, GRE, and TACLANE.
Check Content
Review the network diagrams to determine whether a tunnel is being used for transport across any untrusted network, such as the DISN or ISP. If a tunnel mechanism is not being used to carry information to other organizations over an untrusted network, this is a finding.
Fix Text
Engineer a solution that establishes tunnel mechanisms for interconnections between organizations over untrusted networks.
Additional Identifiers
Rule ID: SV-51532r1_rule
Vulnerability ID: V-39665
Group Title: ENTD0260 - Tunneling mechanism not used for transport.
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.