Check: NET0180
Network Infrastructure Policy STIG:
NET0180
(in versions v10 r3 through v9 r2)
Title
All global address ranges used on unclassified and classified networks must be properly registered with the DoD Network Information Center (NIC). (Cat II impact)
Discussion
If network address space is not properly configured, managed, and controlled, the network could be accessed by unauthorized personnel resulting in security compromise of site information and resources. Allowing subscribers onto the network whose IP addresses are not registered with the .Mil NIC may allow unauthorized users access into the network. These unauthorized users could then monitor the network, steal passwords, and access classified information.
Check Content
Validate global IP addresses in use on unclassified or classified networks registered through the DoD Network Information Center. For NIPRNet, go to the website https://www.nic.mil. For SIPRNet, go to the web portal at http://www.ssc.smil.mil. To verify Department of the Navy IP addresses, go to http://infosec.navy.mil.ipaddress.com. If the site is using an address space that has not been registered and allocated to the site, this is a finding.
Fix Text
Submit any unregistered and/or unauthorized global IP addresses to the DoD Network Information Center (NIC) for registration.
Additional Identifiers
Rule ID: SV-251359r806032_rule
Vulnerability ID: V-251359
Group Title: NET0180
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |