Check: NET0210
Network Infrastructure Policy STIG: NET0210 (in versions v10 r6 through v9 r2)
Title
All network infrastructure devices must be located in a secure room with limited access. (Cat II impact)
Discussion
If all communications devices are not installed within controlled access areas, risk of unauthorized access and equipment failure exists, which could result in denial of service or security compromise. It is not sufficient to limit access to only the outside world or non-site personnel. Not everyone within the site has the need-to-know or the need-for-access to communication devices.
Check Content
Inspect the site to validate physical network components are in a secure environment with limited access. If there are any network components not located in a secure environment, this is a finding.
Fix Text
Move all critical communications into controlled access areas. Controlled access area in this case means controlled restriction to authorized site personnel, i.e., dedicated communications rooms or locked cabinets. This is an area afforded entry control at a security level commensurate with the operational requirement. This protection will be sufficient to protect the network from unauthorized personnel. The keys to the locked cabinets and dedicated communications rooms will be controlled and only provided to authorized network/network security individuals.
Additional Identifiers
Rule ID: SV-251363r806044_rule
Vulnerability ID: V-251363
Group Title: NET0210
CCIs
Number | Definition |
---|---|
CCI-000921 | The organization controls ingress/egress to the facility where the information system resides using one or more organization-defined physical access control systems/devices or guards. |
Controls
Number | Title |
---|---|
PE-3 | Physical Access Control |