Check: NET0090
Network Infrastructure Policy STIG: NET0090 (in versions v10 r6 through v9 r2)
Title
Network topology diagrams for the enclave must be maintained and up to date at all times. (Cat II impact)
Discussion
To assist in the management, auditing, and security of the network infrastructure, facility drawings and topology maps are a necessity. Topology maps are important because they show the overall layout of the network infrastructure and where devices are physically located. They also show the relationship and interconnectivity between devices and where possible intrusive attacks could take place. Having up-to-date network topology diagrams will also help show what the security, traffic, and physical impact of adding new users will be on the network.
Check Content
Validate the network diagram by correlating the information with all routers, multi-layer switches, and firewall configurations. Validate all subnets have been documented accordingly. Validate any connectivity documented on the diagram by physically examining the cable connections for the downstream and upstream links, as well as connections for major network components (Routers, Switches, Firewalls, IDS/IPS, etc.). If the site has not maintained network topology diagrams for the enclave, this is a finding.
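The configuration-correlation part of this check can be scripted. The following is an added example, not part of the STIG: it assumes IOS-style `ip address <addr> <mask>` interface lines, and the device names, addresses, and diagram subnet list are constructed. It does not replace the physical examination of cable connections.

```python
import ipaddress
import re

# Constructed sample configs (IOS-style syntax assumed); names and addresses are illustrative.
CONFIGS = {
    "core-rtr1": """
interface GigabitEthernet0/0
 ip address 10.10.1.1 255.255.255.0
interface GigabitEthernet0/1
 ip address 10.10.2.1 255.255.255.0
""",
    "dist-sw1": """
interface Vlan20
 ip address 10.10.2.2 255.255.255.0
interface Vlan30
 ip address 10.10.30.1 255.255.255.128
 ip address 10.10.31.1 255.255.255.0 secondary
""",
}

# Constructed list of subnets as recorded on the topology diagram.
DIAGRAM_SUBNETS = ["10.10.1.0/24", "10.10.2.0/24", "10.10.40.0/24"]

IP_LINE = re.compile(r"^\s*ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)", re.M)

def configured_subnets(configs):
    """Map each configured subnet to the set of devices with an interface in it."""
    found = {}
    for device, text in configs.items():
        for addr, mask in IP_LINE.findall(text):
            net = ipaddress.ip_interface(f"{addr}/{mask}").network
            found.setdefault(net, set()).add(device)
    return found

def compare(configs, diagram_subnets):
    """Return (undocumented, stale): subnets only in configs, subnets only on the diagram."""
    found = configured_subnets(configs)
    documented = {ipaddress.ip_network(s) for s in diagram_subnets}
    undocumented = {str(n): sorted(d) for n, d in found.items() if n not in documented}
    stale = sorted(str(n) for n in documented - set(found))
    return undocumented, stale

if __name__ == "__main__":
    undocumented, stale = compare(CONFIGS, DIAGRAM_SUBNETS)
    for net, devices in sorted(undocumented.items()):
        print(f"not on diagram: {net} (configured on {', '.join(devices)})")
    for net in stale:
        print(f"on diagram, not in any config: {net}")
```

Subnets reported as not on the diagram are undocumented; subnets on the diagram with no matching configuration indicate the diagram no longer reflects the current state.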
Fix Text
Update the enclave's network topology diagram to represent the current state of the network and its connectivity.
Additional Identifiers
Rule ID: SV-251353r806014_rule
Vulnerability ID: V-251353
Group Title: NET0090
CCIs
Number | Definition |
---|---|
CCI-001098 | The information system connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture. |
Controls
Number | Title |
---|---|
SC-7 | Boundary Protection |