An error occurred:

Check: NET-SDN-018

SDN Using NV STIG: NET-SDN-018 (in version v1 r1)

Title

Servers hosting SDN controllers must have an HIDS implemented to detect unauthorized changes. (Cat II impact)

Discussion

The SDN controller is the backbone of the SDN infrastructure. If the server hosting the SDN controller is breached or if unauthorized changes are made to the device, the SDN controller may not have the appropriate resources to function properly or may even be disabled. A host intrusion detection system (HIDS) can monitor and report system configuration changes and prevent malicious or anomalous activity.

Check Content

Review all servers hosting an SDN controller and verify that an HIDS has been installed and enabled. If an HIDS has not been installed and enabled on all servers hosting an SDN controller, this is a finding.

Fix Text

Install and enable an HIDS on all servers hosting an SDN controller.

Additional Identifiers

Rule ID: SV-87757r1_rule

Vulnerability ID: V-73105

Group Title: NET-SDN-018

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001255

Invoke internal monitoring capabilities or deploy monitoring devices strategically within the system to collect organization-determined essential information.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-4

Information System Monitoring