STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

The application user interface must be either physically or logically separated from data storage and management interfaces.

DISA Rule

SV-222574r508029_rule

Vulnerability Number

V-222574

Group Title

SRG-APP-000211

Rule Version

APSC-DV-002150

Severity

CAT II

CCI(s)

• CCI-001082 - The information system separates user functionality (including user interface services) from information system management functionality.

Weight

10

Fix Recommendation

Configure the application so user interface to the application and management interface to the application is separated.

Check Contents

Review the application documentation and interview the application administrator.

Review the design documents and the interfaces used by the application.

Verify that the application provides separate interfaces for user traffic and for management traffic. The separation may be virtual in nature (virtual host, virtual NIC, virtual network) or physically separate.

If the application user interface and the application management interface are shared, this is a finding.

Vulnerability Number

V-222574

Documentable

False

Rule Version

APSC-DV-002150

Severity Override Guidance

Review the application documentation and interview the application administrator.

Review the design documents and the interfaces used by the application.

Verify that the application provides separate interfaces for user traffic and for management traffic. The separation may be virtual in nature (virtual host, virtual NIC, virtual network) or physically separate.

If the application user interface and the application management interface are shared, this is a finding.

Check Content Reference

M

Target Key

4093

Comments