Check: DSN04.08
Defense Switched Network (DSN) STIG: DSN04.08 (in versions v2 r8 through v2 r7)
Title
An OAM&P / NM and CTI network/LAN is connected to the local general use (base) LAN without appropriate boundary protection. (Cat II impact)
Discussion
Requirement: The IAO will ensure that OAM&P / NM and CTI networks are not connected to the local general use (base) LAN. The requirement to dedicate OAM&P / NM and CTI networks or LANs is to protect the particular solution from threats from sources external to the solution. Connecting these dedicated LANs to another LAN negates this protection unless a proper boundary is created. Such a boundary should be a firewall but, at a minimum, must be a router ACL. Access to the dedicated LAN and the devices on it must be filtered by source and destination IP addresses as well as the specific ports and protocols that are required or permitted to cross the boundary.
Check Content
Have the IAO or SA demonstrate compliance with the requirement, at a minimum on a sampling of the related or affected devices. Inspect configuration files as applicable.
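When inspecting a router configuration, the filtering the Discussion requires (source and destination addresses plus specific ports and protocols) can be spot-checked per ACL entry. The following is an added example, not part of the STIG: it flags permit entries that leave any of those dimensions unrestricted, assuming a simplified Cisco IOS-style extended ACL entry syntax and constructed sample addresses.

```python
# Added example: audit simplified Cisco IOS-style extended ACL entries.
# SAMPLE_ACL is constructed; its documentation-range addresses are assumptions.
SAMPLE_ACL = """\
permit tcp host 192.0.2.10 host 198.51.100.5 eq 22
permit udp 192.0.2.0 0.0.0.255 host 198.51.100.6 eq 161
permit ip any 198.51.100.0 0.0.0.255
permit tcp 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255
permit tcp host 192.0.2.10 any eq 443
deny ip any any log
"""

PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}  # operand counts

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (spec, remaining)."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    return " ".join(tokens[:2]), tokens[2:]  # 'host A' or 'A WILDCARD'

def take_ports(tokens):
    """Consume an optional port match; return (spec or None, remaining)."""
    if tokens and tokens[0] in PORT_OPS:
        n = 1 + PORT_OPS[tokens[0]]
        return " ".join(tokens[:n]), tokens[n:]
    return None, tokens

def audit_line(line):
    """Return findings for one entry; an empty list means nothing flagged."""
    action, proto, *rest = line.split()
    if action != "permit":
        return []  # deny entries do not open the boundary
    src, rest = take_addr(rest)
    _src_ports, rest = take_ports(rest)
    dst, rest = take_addr(rest)
    dst_ports, rest = take_ports(rest)  # trailing options such as 'log' are ignored
    findings = []
    if src == "any":
        findings.append("source address not restricted")
    if dst == "any":
        findings.append("destination address not restricted")
    if proto == "ip":
        findings.append("protocol not restricted")
    elif proto in ("tcp", "udp") and dst_ports is None:
        findings.append("destination port not restricted")
    return findings

def audit_acl(text):
    """Map 1-based entry number to its findings, for flagged entries only."""
    return {n: f for n, line in enumerate(text.strip().splitlines(), 1) if (f := audit_line(line))}
```

Calling `audit_acl(SAMPLE_ACL)` returns findings for entries 3, 4 and 5 of the sample; entries that name both endpoints and a destination port are not flagged.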
Fix Text
Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.
Additional Identifiers
Rule ID: SV-9041r1_rule
Vulnerability ID: V-8544
Group Title: OAM&P/NM / CTI LAN is connected to general use LAN
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |