STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020:

DSAWG approval must be obtained before tunneling classified traffic outside the components local area network boundaries across a non-DISN or OCONUS DISN unclassified IP wide area network transport infrastructure.

DISA Rule

SV-15496r2_rule

Vulnerability Number

V-14740

Group Title

SIPRNet traffic exists on a ISP

Rule Version

NET-TUNL-030

Severity

CAT I

CCI(s)

• CCI-002396 - The organization protects the confidentiality and integrity of the information being transmitted across each interface for each external telecommunication service.
• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

10

Fix Recommendation

Remove the connection between the classified and unclassified network. Obtain approval from the DSAWG for the purpose of tunneling classified traffic across a non-DISN or OCONUS DISN unclassified IP network.

Check Contents

Review the network topology diagram.

If there is a connection between the classified network and the unclassified network for the purpose of tunneling classified traffic across a non-DISN or OCONUS DISN unclassified IP network, verify there is approval by the DSAWG.

If there is no document stating DSAWG approval, this is a finding.

Vulnerability Number

V-14740

Documentable

False

Rule Version

NET-TUNL-030

Severity Override Guidance

Review the network topology diagram.

If there is a connection between the classified network and the unclassified network for the purpose of tunneling classified traffic across a non-DISN or OCONUS DISN unclassified IP network, verify there is approval by the DSAWG.

If there is no document stating DSAWG approval, this is a finding.

Check Content Reference

M

Target Key

838

Comments