Check: NET-VLAN-001
Network Infrastructure Policy STIG: NET-VLAN-001
(in versions v10 r6 through v9 r2)
Title
The organization must ensure all switches and associated cross-connect hardware are kept in a secure Intermediate Distribution Frame (IDF) or an enclosed cabinet that is kept locked. (Cat II impact)
Discussion
Since the IDF includes all hardware required to connect horizontal wiring to the backbone, it is imperative that all switches and associated cross-connect hardware are kept in a secured IDF or an enclosed cabinet that is kept locked. This will also prevent an attacker from gaining privileged mode access to the switch: several switch products only require a reboot of the switch in order to reset or recover the password.
Check Content
Verify that switches and associated cross-connect hardware are kept in a secured IDF. If the hardware is located in an open area, verify all hardware is located in a secured and locked cabinet. If switches and associated cross-connect hardware are not kept in secured IDFs or locked cabinets, this is a finding.
Fix Text
Place switches and associated cross-connect hardware in a secured IDF. If the hardware is located in an open area, ensure the hardware is located in a secured and locked cabinet.
Additional Identifiers
Rule ID: SV-251352r806011_rule
Vulnerability ID: V-251352
Group Title: NET-VLAN-001
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |