Title

Administration terminals are used for other day-to-day functions (i.e. email, web browsing, etc). (Cat II impact)

Discussion

Requirement: The IAO will ensure that OAM&P / NM and CTI system workstations are not used for other day-to-day functions (i.e., e-mail, web browsing, etc). Dedicating DSN administration terminals to their intended purpose and not using them for day-to-day functions such as email and web browsing, will reduce the risk of unauthorized access by those that could achieve entry by exploiting an existing IP based vulnerability. Not only should DSN administration terminals connect to DSN switching systems via a controlled network segment, the terminal should also be dedicated for administration purposes only.

Check Content

Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable.

Fix Text

Ensure dedicated terminals and workstations are used to administer DSN switching systems to that purpose only. Do not administer DSN switching systems from computer terminals that are used for day-to-day functions (i.e. email, web browsing, etc).

Additional Identifiers

Rule ID: SV-8418r1_rule

Vulnerability ID: V-7932

Group Title: Admin terminals are used for day-to-day apps

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.