Title

Boundary protection applications must prevent discovery of specific system components (or devices) composing a managed interface. (Cat II impact)

Discussion

Firewall control requirement for isolating and preventing the discovery of management interfaces. This control enhancement is intended to protect the network addresses of information system components that are part of the managed interface from discovery through common tools and techniques used to identify devices on a network. Rationale for non-applicability: The requirement for application sandboxing precludes applications from serving as a security boundary for other applications. If an application were granted the ability to perform this function, the application could perform a man-in-the-middle attack on other applications running on the device.

Check Content

This requirement is NA for the MAPP SRG.

Fix Text

e requirement is NA. No fix is required.

Additional Identifiers

Rule ID: SV-46957r1_rule

Vulnerability ID: V-35670

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.