STIGQter: STIG Summary: SDN Using NV Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 27 Feb 2017

Physical SDN controllers and servers hosting SDN applications must reside within the management network with multiple paths that are secured by a firewall to inspect all ingress traffic.

DISA Rule

SV-87743r1_rule

Vulnerability Number

V-73091

Group Title

NET-SDN-010

Rule Version

NET-SDN-010

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Deploy all physical controllers, management appliances, and servers hosting SDN applications into the management network with multiple paths that are secured by a firewall inspecting all ingress traffic.

Check Contents

Review the SDN infrastructure topology to verify that all physical SDN controllers, management appliances, and servers hosting SDN applications reside within the management network that has multiple paths and is also secured by a firewall.

If these physical NVP components do not reside within the management network with multiple paths, and are not secured by a firewall, this is a finding.

Note: If the SDN physical components reside within an out-of-band network, this requirement would not be applicable.

Documentable

False

Severity Override Guidance

Review the SDN infrastructure topology to verify that all physical SDN controllers, management appliances, and servers hosting SDN applications reside within the management network that has multiple paths and is also secured by a firewall.

If these physical NVP components do not reside within the management network with multiple paths, and are not secured by a firewall, this is a finding.

Note: If the SDN physical components reside within an out-of-band network, this requirement would not be applicable.

Check Content Reference

M

Target Key

3089

Comments