STIGQter: STIG Summary: SDN Using NV Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 27 Feb 2017:

Southbound API management plane traffic for configuring SDN parameters on physical network elements must be authenticated using DOD PKI certificate-based authentication.

DISA Rule

SV-87739r1_rule

Vulnerability Number

V-73087

Group Title

NET-SDN-008

Rule Version

NET-SDN-008

Severity

CAT II

CCI(s)

• CCI-000186 - The information system, for PKI-based authentication, enforces authorized access to the corresponding private key.

Weight

10

Fix Recommendation

Deploy DOD PKI certificates to all orchestration systems, management systems, and physical SDN-enabled network elements.

Configure these components to use the certificates to authenticate southbound API management messages.

Check Contents

Review both management and orchestration systems, as well as all SDN controllers and physical SDN-enabled network elements that compose the network virtualization platform (NVP), to determine if certificate-based authentication is used to ensure the authenticity and integrity of southbound API management messages. If southbound API management plane traffic is not authenticated using DOD PKI certificates, this is a finding.

Vulnerability Number

V-73087

Documentable

False

Rule Version

NET-SDN-008

Severity Override Guidance

Review both management and orchestration systems, as well as all SDN controllers and physical SDN-enabled network elements that compose the network virtualization platform (NVP), to determine if certificate-based authentication is used to ensure the authenticity and integrity of southbound API management messages. If southbound API management plane traffic is not authenticated using DOD PKI certificates, this is a finding.

Check Content Reference

M

Target Key

3089

Comments