STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020:

A dedicated management network must be implemented.

DISA Rule

SV-18981r2_rule

Vulnerability Number

V-17772

Group Title

A separate management subnet is not being used

Rule Version

NET0998

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Define a large enough address block that will enable the management network to scale in proportion to the managed network.

Check Contents

Review the network topology diagram to determine if a management network has been implemented. Validate the IP address space documented for this network by verifying the IP addresses referenced for management access (SSH, NTP, AAA, SNMP manager, Syslog server, etc.) to the managed network elements.

If a management network has not been implemented, this is a finding.

Vulnerability Number

V-17772

Documentable

False

Rule Version

NET0998

Severity Override Guidance

Review the network topology diagram to determine if a management network has been implemented. Validate the IP address space documented for this network by verifying the IP addresses referenced for management access (SSH, NTP, AAA, SNMP manager, Syslog server, etc.) to the managed network elements.

If a management network has not been implemented, this is a finding.

Check Content Reference

M

Target Key

838

Comments