Title

The SMU management port or management workstations is improperly connected to a network that is not dedicated to management of the SMU. (Cat II impact)

Discussion

Requirement: The IAO at the SMU site will ensure that the SMU management port or stations are not connected to any network other than one dedicated to management of the SMU.The system design and architecture of the SMU provides for no security configuration capability (i.e., user account, password, privileged user, or auditing capability). Trunk and subscriber provisioning is accomplished via an administrator’s terminal, which is a dumb terminal, connected to the system via serial connection. From this terminal, at power up, the user has direct access to provisioning features of the system. Therefore, security protection to the SMU is provided through the physical security of the unit.

Check Content

Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable

Fix Text

> Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.

Additional Identifiers

Rule ID: SV-9007r1_rule

Vulnerability ID: V-8512

Group Title: SMU Mgmt. port connected to NON-mgmt. network

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.