Check: NET1832
Network Infrastructure Policy STIG: NET1832
(in versions v10 r7 through v9 r2)
Title
VPN gateways used to create IP tunnels to transport classified traffic across an unclassified IP network must comply with appropriate physical security protection standards for processing classified information. (Cat II impact)
Discussion
When transporting classified data over an unclassified IP network, it is imperative that the network elements deployed to provision the encrypted tunnels are located in a facility authorized to process the data at the proper classification level.
Check Content
Review the network topology diagram. If there is a connection between the classified network and the unclassified network for the purpose of tunneling classified traffic across the unclassified IP network, verify that the IPsec VPN gateway used to provision the tunnel is compliant with appropriate physical security protection standards for processing classified information. If appropriate physical security protection has not been enforced, this is a finding.
Fix Text
Employ the necessary physical security protection for the VPN gateway devices used for tunneling classified traffic across the unclassified IP network.
Additional Identifiers
Rule ID: SV-251382r806101_rule
Vulnerability ID: V-251382
Group Title: NET1832
CCIs
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |