Title

An OAM&P / NM or CTI network DOES NOT comply with the Enclave and/or Network Infrastructure STIGs. (Cat II impact)

Discussion

Requirement: The IAO will ensure that OAM&P / NM and CTI networks comply with the Enclave and Network Infrastructure STIGs. OAM&P / NM and CTI networks must comply with the requirements contained in the Enclave and Network Infrastructure STIGs so that the threats and/or vulnerabilities associated with all networks and enclaves are properly mitigated according to DoD policy.

Check Content

Obtain a copy of Network and Enclave SRRs or Self Assessment results and review for compliance OR perform Network and Enclave SRRs on the OAM&P / NM and/or CTI network. If there are a significant number of findings reported or if an applicable STIG was not applied, this is a finding. Note: Voice/Video/RTS and/or OAM&P / NM and/or CTI network systems and devices are required to be tested, certified, accredited by the DSAWG and listed on the DSN APL. Each specific Voice/Video/RTS system or device may be approved while having certain open findings that are approved in light of certain mitigations. Such open findings are not to be considered in the status determination of this requirement.

Fix Text

Configure all OAM&P / NM or CTI networks in accordance with the Enclave and Network Infrastructure STIGs while taking into account any DSAWG approved open findings and their mitigations for the given solution.

Additional Identifiers

Rule ID: SV-9038r1_rule

Vulnerability ID: V-8541

Group Title: An OAM&P / NM or CTI network NOT STIG compliant

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.