STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide, Version: 9, Release: 10, Benchmark Date: 24 Jan 2020

If the site has a non-DoD external connection (i.e. Approved Gateway), an Intrusion Detection and Prevention System (IDPS) must be located between the site’s Approved Gateway and the perimeter router.

DISA Rule

SV-15259r4_rule

Vulnerability Number

V-14634

Group Title

External IDS/IPS must be installed in AG architecture.

Rule Version

NET0168

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Install and configure an IDPS between the site’s Approved Gateway and the premise router.

Check Contents

Inspect the network topology and physical connectivity to verify compliance.

If the site has a non-DoD external connection and does not have an IDPS located between the site’s Approved Gateway and the perimeter router, this is a finding.

Note: An Approved Gateway (AG) is any external connection from a DoD NIPRNet enclave to an Internet Service Provider, or network owned by a contractor, or non-DoD federal agency that has been approved by either the DoD CIO or the DoD Component CIO. This AG requirement does not apply to commercial cloud connections when the Cloud Service Provider (CSP) network is connected via the NIPRNet Boundary Cloud Access Point (BCAP).

Documentable

False

Severity Override Guidance

Inspect the network topology and physical connectivity to verify compliance.

If the site has a non-DoD external connection and does not have an IDPS located between the site’s Approved Gateway and the perimeter router, this is a finding.

Note: An Approved Gateway (AG) is any external connection from a DoD NIPRNet enclave to an Internet Service Provider, or network owned by a contractor, or non-DoD federal agency that has been approved by either the DoD CIO or the DoD Component CIO. This AG requirement does not apply to commercial cloud connections when the Cloud Service Provider (CSP) network is connected via the NIPRNet Boundary Cloud Access Point (BCAP).

Check Content Reference

M

Target Key

838

Comments