Check: NET0346
Network Infrastructure Policy STIG: NET0346 (in versions v10 r6 through v10 r1)
Title
All hosted NIPRNet-only applications must be located in a local enclave Demilitarized Zone (DMZ). (Cat II impact)
Discussion
Without the protection of a DMZ, production networks are prone to outside attacks because externally accessible services can be reached on the internal LAN. This can have many undesired consequences, such as access to the entire network, Denial of Service attacks, or theft of sensitive information.
Check Content
Review the network topology diagram and interview the ISSO to verify that all NIPRNet-only applications are located in a local enclave DMZ. If there are any NIPRNet-only applications not hosted in the enclave's DMZ, this is a finding.
Fix Text
Implement and move NIPRNet-only applications to a local enclave DMZ.
Additional Identifiers
Rule ID: SV-251364r853651_rule
Vulnerability ID: V-251364
Group Title: NET0346
CCIs
Number | Definition |
---|---|
CCI-002395 | The information system implements subnetworks for publicly accessible system components that are physically and/or logically separated from internal organizational networks. |
CCI-002425 | The information system implements cryptographic mechanisms to conceal or randomize communication patterns unless otherwise protected by organization-defined alternative physical safeguards. |