Check: DSN03.01
Defense Switched Network (DSN) STIG: DSN03.01 (in versions v2 r8 through v2 r7)
Title
A DoD Voice/Video/RTS system or device is NOT configured in compliance with all applicable STIGs or the appropriate STIGs have not been applied to the fullest extent possible. (Cat III impact)
Discussion
Requirement: The IAO will ensure that all systems connected to DOD telecommunications systems that use technologies covered by a DISA/DOD STIG are secured in compliance with the applicable STIG(s). The applicable STIGs define threat and vulnerability mitigations that must be applied to resolve the associated threat and/or vulnerability in accordance with DoD policy.
Check Content
Obtain a copy of all applicable SRR or Self Assessment results and review for compliance OR perform all applicable SRRs on a representative number of RTS systems and devices. If there are a significant number of findings reported or if an applicable STIG was not applied, this is a finding.
Note: The specific Voice/Video/RTS system server or device determines the applicability of any given STIG. Many Voice/Video/RTS system servers or devices are based on general-purpose operating systems such as Microsoft Windows, Unix, or Linux. They may use general-purpose applications such as databases like MS-SQL or Oracle and/or employ web server technology like IIS or similar. Determine what the system under review is based upon and perform the associated SRRs. Additionally, an application SRR may be applicable for the vendor's application that makes the server or device perform the functions or the management of the system.
Note: Voice/Video/RTS systems and devices are required to be tested, certified, and accredited by the DSAWG and listed on the DSN APL. Each specific Voice/Video/RTS system or device may be approved while having certain open findings that are approved in light of certain mitigations. Such open findings are not to be considered in the status determination of this requirement.
Fix Text
The IAO and/or SA is to configure all Voice/Video/RTS systems, servers, and devices in accordance with all applicable STIGs for the specific system/server/device while taking into account any DSAWG-approved open findings and their mitigations.
Additional Identifiers
Rule ID: SV-8835r1_rule
Vulnerability ID: V-8340
Group Title: Voice/Video/RTS system/device NOT STIG compliant
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |