STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020:

Tunneling of classified traffic across an unclassified IP transport network or service provider backbone must be documented in the enclaves security authorization package and an Approval to Connect (ATC), or an Interim ATC must be issued by DISA prior to implementation.

DISA Rule

SV-15494r3_rule

Vulnerability Number

V-14738

Group Title

Unapproved SIPRNet traffic exists

Rule Version

NET-TUNL-028

Severity

CAT II

CCI(s)

CCI-002396 - The organization protects the confidentiality and integrity of the information being transmitted across each interface for each external telecommunication service.
CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

Fix Recommendation

Document the tunneling of classified traffic in the security authorization package and the ATC or Interim ATC.

Check Contents

Review the enclave's security authorization package and the ATC or Interim ATC amending the connection approval received.

If the tunneling of classified traffic is not documented in the security authorization package and an ATC or Interim ATC, this is a finding.

Tunneling of classified traffic across an unclassified IP transport network or service provider backbone must be documented in the enclaves security authorization package and an Approval to Connect (ATC), or an Interim ATC must be issued by DISA prior to implementation.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments