STIGQter: STIG Summary: WLAN Controller Security Technical Implementation Guide (STIG) Version: 6 Release: 15 Benchmark Date: 26 Apr 2019

The network device's management interface must be configured with both an ingress and egress ACL.

DISA Rule

SV-19076r4_rule

Vulnerability Number

V-17822

Group Title

The management interface does not have an ACL.

Rule Version

NET0992

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the management interface is a routed interface, it must be configured with both an ingress and egress ACL. The ingress ACL should block any transit traffic, while the egress ACL should block any traffic that was not originated by the managed network device.

Check Contents

Step 1: Verify the managed interface has an inbound and outbound ACL or filter.

Step 2: Verify the ingress ACL blocks all transit traffic--that is, any traffic not destined to the router itself. In addition, traffic accessing the managed elements should be originated at the NOC.

Step 3: Verify the egress ACL blocks any traffic not originated by the managed element.

If the management interface does not have an ingress and egress filter configured and applied, this is a finding.
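
The three check steps above, applied as an automated review of an exported configuration. This is an added example, not part of the STIG or of STIGQter; it assumes Cisco IOS-style syntax (the check itself is vendor-neutral), and the interface name, addresses, ACL names and NOC subnet in the sample are constructed.

```python
import re
# Constructed sample in Cisco IOS-style syntax (assumed; not taken from the STIG).
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 10.1.1.5 255.255.255.0
 ip access-group MGMT_IN in
 ip access-group MGMT_OUT out
ip access-list extended MGMT_IN
 permit tcp 10.9.9.0 0.0.0.255 host 10.1.1.5 eq 22
 deny ip any any log
ip access-list extended MGMT_OUT
 permit ip host 10.1.1.5 10.9.9.0 0.0.0.255
 deny ip any any log
"""

def parse(config):
    """Return ({iface: {'ip', 'in', 'out'}}, {acl: [(action, src, dst)]})."""
    ifaces, acls, cur = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {})
        elif m := re.match(r"ip access-list extended (\S+)", line):
            cur = acls.setdefault(m[1], [])
        elif isinstance(cur, dict) and (m := re.match(r" ip address (\S+) ", line)):
            cur["ip"] = m[1]
        elif isinstance(cur, dict) and (m := re.match(r" ip access-group (\S+) (in|out)\s*$", line)):
            cur[m[2]] = m[1]
        elif isinstance(cur, list) and (m := re.match(r" (permit|deny) \S+ (any|host \S+|\S+ \S+) (any|host \S+|\S+ \S+)", line)):
            cur.append((m[1], m[2], m[3]))
    return ifaces, acls

def audit(config, iface, noc):
    """Findings for the three check steps (empty list = no finding).
    Only permit entries are inspected: an IOS ACL ends in an implicit deny."""
    ifaces, acls = parse(config)
    intf = ifaces.get(iface, {})
    me, findings = f"host {intf.get('ip')}", []
    for direction in ("in", "out"):  # Step 1: both filters configured and applied
        if not acls.get(intf.get(direction)):
            findings.append(f"no {direction}bound ACL configured and applied")
    for action, src, dst in acls.get(intf.get("in"), []):  # Step 2: ingress
        if action == "permit" and dst != me:
            findings.append(f"ingress permits transit traffic to {dst}")
        if action == "permit" and src != noc:
            findings.append(f"ingress permits non-NOC source {src}")
    for action, src, dst in acls.get(intf.get("out"), []):  # Step 3: egress
        if action == "permit" and src != me:
            findings.append(f"egress permits traffic not originated by device: {src}")
    return findings
```

Address matching is by exact string comparison against the device address and the NOC prefix, so a permit for a narrower NOC range is reported and needs manual review.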

Documentable

False

Severity Override Guidance

Step 1: Verify the managed interface has an inbound and outbound ACL or filter.

Step 2: Verify the ingress ACL blocks all transit traffic--that is, any traffic not destined to the router itself. In addition, traffic accessing the managed elements should be originated at the NOC.

Step 3: Verify the egress ACL blocks any traffic not originated by the managed element.

If the management interface does not have an ingress and egress filter configured and applied, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1538

Comments