Skip to content

Network Infrastructure Policy Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Command and Control (C2) and non-C2 exceptions of SIPRNet must be documented in the enclaves accreditation package and an Authority to Connect (ATC) or Interim ATC amending the connection approval received prior to implementation.

    <VulnDiscussion>Any exception to use SIPRNet must be documented in an update to the enclave's accreditation package and an Authority to Conne...
    Rule Medium Severity
  • NET1832

    <GroupDescription></GroupDescription>
    Group
  • VPN gateways used to create IP tunnels to transport classified traffic across an unclassified IP network must comply with appropriate physical security protection standards for processing classified information.

    &lt;VulnDiscussion&gt;When transporting classified data over an unclassified IP network, it is imperative that the network elements deployed to pro...
    Rule Medium Severity
  • NET2000

    <GroupDescription></GroupDescription>
    Group
  • Multi-Protocol Labeled Switching (MPLS) protocols deployed to build Label-Switch Path (LSP) tunnels must authenticate all messages with a hash function using the most secured cryptographic algorithm available.

    &lt;VulnDiscussion&gt;Spoofed TCP segments could be introduced into the connection streams for LDP sessions used to build LSPs. By configuring stri...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules