STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide Version: 5 Release: 1 Benchmark Date: 23 Oct 2020:

Connections between the DoD enclave and the Internet or other public or commercial wide area networks must require a DMZ.

DISA Rule

SV-222671r508029_rule

Vulnerability Number

V-222671

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003350

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.
• CCI-001119 - The organization isolates organization-defined information security tools, mechanisms, and support components from other internal information system components by implementing physically separate subnetworks with managed interfaces to other components of the system.

Weight

10

Fix Recommendation

Setup a DMZ between DoD and public networks.

Check Contents

Interview the application representative and determine if the application is publicly accessible.

If the application is publicly accessible and traffic is not being routed through a DMZ, this is a finding.

Vulnerability Number

V-222671

Documentable

False

Rule Version

APSC-DV-003350

Severity Override Guidance

Interview the application representative and determine if the application is publicly accessible.

If the application is publicly accessible and traffic is not being routed through a DMZ, this is a finding.

Check Content Reference

M

Target Key

4093

Comments