SV-87733r1_rule
V-73081
NET-SDN-005
CAT I
10
Deploy an out-of-band network to provision paths between the SDN controllers and the SDN management/orchestration systems for providing transport for northbound API traffic.
An alternative is to encrypt all northbound API traffic using a FIPS-validated cryptographic module. Implement a cryptographic module which has a validation certification and is listed on the NIST Cryptographic Module Validation Program's (CMVP) validation list.
Determine if the northbound API traffic between the SDN controllers and the SDN management/orchestration systems traverses an out-of-band path.
If not, verify that the northbound API traffic is encrypted using a FIPS-validated cryptographic module.
If the northbound API traffic neither traverses an out-of-band path nor is encrypted using a FIPS-validated cryptographic module, this is a finding.
Note: An out-of-band path would be a path between two nodes that traverses one or more links on an out-of-band network; that is, a dedicated layer 2 infrastructure separate from a production network.
False
M
3089