STIGQter: STIG Summary: Test and Development Zone B Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 26 Oct 2018:

Access control lists between the test and development environment and DoD operational networks must be in a deny-by-default posture.

DISA Rule

SV-51530r1_rule

Vulnerability Number

V-39663

Group Title

ENTD0240 - Access control lists not in deny-by-default security posture.

Rule Version

ENTD0240

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement a deny-by-default security posture for both ingress and egress traffic between the test and development environment and DoD operational networks.

Check Contents

Determine whether a deny-by-default security posture has been implemented for both ingress and egress traffic between the test and development environment and DoD operational networks. If the organization is not using a deny-by-default security posture for traffic between the test and development environment and DoD operational networks, this is a finding.

Vulnerability Number

V-39663

Documentable

False

Rule Version

ENTD0240

Severity Override Guidance

Determine whether a deny-by-default security posture has been implemented for both ingress and egress traffic between the test and development environment and DoD operational networks. If the organization is not using a deny-by-default security posture for traffic between the test and development environment and DoD operational networks, this is a finding.

Check Content Reference

M

Target Key

1132

Comments