Title

The ADIMSS server connected to the SMU is NOT dedicated to ADIMSS functions. (Cat II impact)

Discussion

Requirement: The IAO at the SMU site will ensure that the ADIMSS server connected to the SMU is dedicated to ADIMSS functions.ADIMSS servers represent mission critical equipment that contain potentially sensitive information that needs to be secured and treated with the same precautions as any other servers containing sensitive information. Dedicating critical ADIMSS servers to only ADIMSS required applications is key to securing the ADIMSS network. To minimize possible risk these servers are to be dedicated to the ADIMSS applications required for ADIMSS operations minimizing the chance of infection or attack through an unused, unnecessary application residing on the system.

Check Content

Interview the IAO and/or SA to confirm compliance through discussion, review of site policy and procedures, diagrams, documentation, configuration files, logs, records, DAA/other approvals, etc as applicable

Fix Text

> Implement processes / procedures, generate documents, and/or adjust configuration(s) / architecture, as necessary to comply with policy.

Additional Identifiers

Rule ID: SV-9008r1_rule

Vulnerability ID: V-8513

Group Title: ADIMSS/SMU server NOT dedicated to ADIMSS

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.