The network device must not be configured to have any feature enabled that calls home to the vendor. (Cat II impact)
Call-home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. There is a risk that transmission of sensitive data sent to unauthorized persons could result in data loss or downtime due to an attack. (See SRG-NET-000131-RTR-000083.)
Review the device configuration to determine if the call home service or feature is disabled on the device. If the call home service is enabled on the device, this is a finding. Note: This feature can be enabled if the communication is only to a server residing in the local area network or enclave.
Configure the network device to disable the call home service or feature. Note: This feature can be enabled if the communication is only to a server residing in the local area network or enclave.
Rule ID: SV-243238r720169_rule
Vulnerability ID: V-243238
Group Title: SRG-NET-000131
The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.
Restrict Incoming Communications Traffic