Check: NET0348
Network Infrastructure Policy STIG:
NET0348
(in versions v10 r6 through v10 r1)
Title
All Internet-facing applications must be hosted in a DoD Demilitarized Zone (DMZ) Extension. (Cat II impact)
Discussion
Without the protection of a DMZ, production networks will be prone to outside attacks as they are allowing externally accessible services to be accessed on the internal LAN. This can cause many undesired consequences such as access to the entire network, Denial of Service attacks, or theft of sensitive information.
Check Content
Review the network topology diagram and interview the ISSO to verify that all Internet-facing applications are hosted in a DoD DMZ Extension. If there are any Internet-facing applications hosted in the enclave's DMZ or private network, this is a finding.
Fix Text
Implement and move internet facing applications logically to a DoD DMZ Extension.
Additional Identifiers
Rule ID: SV-251365r806050_rule
Vulnerability ID: V-251365
Group Title: NET0348
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |