Check: NET-TUNL-030
Network Infrastructure Policy STIG:
NET-TUNL-030
(in versions v10 r6 through v9 r2)
Title
DSAWG approval must be obtained before tunneling classified traffic outside the component's local area network boundaries across a non-DISN or OCONUS DISN unclassified IP wide area network transport infrastructure. (Cat I impact)
Discussion
CJCSI 6211.02D establishes policy and responsibilities for the connection of any information system to Defense Information Systems Network (DISN)-provided transport. Enclosure E mandates that the CC/S/A obtain DSAWG approval before tunneling classified data outside the component's local area network boundaries across a non-DISN or OCONUS DISN unclassified IP wide area transport infrastructure.
Check Content
Review the network topology diagram. If there is a connection between the classified network and the unclassified network for the purpose of tunneling classified traffic across a non-DISN or OCONUS DISN unclassified IP network, verify there is approval by the DSAWG. If there is no document stating DSAWG approval, this is a finding.
Fix Text
Remove the connection between the classified and unclassified network. Obtain approval from the DSAWG for the purpose of tunneling classified traffic across a non-DISN or OCONUS DISN unclassified IP network.
Additional Identifiers
Rule ID: SV-251350r877972_rule
Vulnerability ID: V-251350
Group Title: NET-TUNL-030
CCIs
Number | Definition
---|---
CCI-002366 | The organization manages information system authenticators by having devices implement specific security safeguards to protect authenticators.
CCI-002388 | The organization defines a list of monitoring tools to be employed to detect indicators of denial of service attacks against the information system.
CCI-002396 | The organization protects the confidentiality and integrity of the information being transmitted across each interface for each external telecommunication service.
CCI-002418 | The information system protects the confidentiality and/or integrity of transmitted information.