Skip to content
Log In

Layer 2 Switch Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The layer 2 switch must not use the default VLAN for management traffic.

    Switches use the default VLAN (i.e., VLAN 1) for in-band management and to communicate with directly connected switches using Spanning-Tree Protocol (STP), Dynamic Trunking Protocol (DTP), VLAN Tru...
    Rule Medium Severity
    Show

  • SRG-NET-000512

    Group
    Show

  • SRG-NET-000512

    Group
    Show

  • The layer 2 switch must not have any switch ports assigned to the native VLAN.

    Double encapsulation can be initiated by an attacker who has access to a switch port belonging to the native VLAN of the trunk port. Knowing the victim’s MAC address and with the victim attached to...
    Rule Low Severity
    Show

  • SRG-NET-000512

    Group
    Show

  • The layer 2 switch must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.

    Configuring the network device to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security base...
    Rule Medium Severity
    Show

  • SRG-NET-000705

    Group
    Show

  • The layer 2 switch must employ organization-defined controls by type of denial-of-service (DoS) to achieve the DoS objective.

    DoS events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of planning to support organizational needs with respect to capacity and bandwidth...
    Rule Medium Severity
    Show

  • SRG-NET-000715

    Group
    Show

  • The layer 2 switch must implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

    Separating critical system components and functions from other noncritical system components and functions through separate subnetworks may be necessary to reduce susceptibility to a catastrophic o...
    Rule Medium Severity
    Show

  • SRG-NET-000760

    Group
    Show

  • The layer 2 switch must establish organization-defined alternate communications paths for system operations organizational command and control.

    An incident, whether adversarial- or nonadversarial-based, can disrupt established communications paths used for system operations and organizational command and control. Alternate communications p...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules