Check: DSN04.01
Defense Switched Network (DSN) STIG: DSN04.01 (in versions v2 r8 through v2 r7)
Title
Switch administration, ADIMSS, or other Network Management terminals are not located on a dedicated LAN. (Cat II impact)
Discussion
All Network Management and switch administration terminals connecting to the DSN are to do so through a dedicated DSN network segment. Only authorized systems will be connected to this LAN. No other networks may interface with components that are connected to this LAN. By connecting in this controlled manner, many vulnerabilities that are associated with IP networks are eliminated.
Check Content
Interview the IAO or SA and confirm compliance through discussion, review of site policy, diagrams, documentation, DAA approvals, etc., as applicable.
Fix Text
The ISSO/IAO will ensure that all DSN Network Management, switch administration components and other authorized systems are connected to a dedicated network and prohibit all connections to the ADIMSS or other Network Management network that are not relevant to the operations of the DSN.
Additional Identifiers
Rule ID: SV-8416r1_rule
Vulnerability ID: V-7930
Group Title: Management terminals not on a dedicated LAN
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |