SDN Controller Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-NET-000512
Group -
The SDN controller must be configured to enable multi-tenant virtual networks to be fully isolated from one another.
Network-as-a-Service (NaaS) is often implemented in a multi-tenant paradigm, where customers share network infrastructure and services while they are logically isolated from each other. SDN provide...Rule Medium Severity -
SRG-NET-000512
Group -
The SDN controller must be configured to separate tenant functionality from system management functionality.
Network-as-a-Service (NaaS) is frequently offered in a multi-tenant paradigm, where customers share network infrastructure. SDN provides an approach to the provisioning of virtual network services ...Rule Medium Severity -
SRG-NET-000512
Group -
The SDN controller must be configured to isolate security functions from non-security functions.
An isolation boundary provides access control and protects the integrity of the hardware, software, and firmware that perform security functions. Security functions are the hardware, software, an...Rule Medium Severity -
SRG-NET-000512
Group -
SRG-NET-000512
Group -
SRG-NET-000512
Group -
The SDN controller must be configured to enforce access restrictions associated with changes to the configuration.
Failure to provide logical access restrictions associated with changes to application configuration may have significant effects on the overall security of the system. When dealing with access re...Rule Medium Severity -
SRG-NET-000512
Group -
The SDN controller must be configured to audit the enforcement actions used to restrict access associated with changes to any application within the SDN framework.
Without auditing the enforcement of access restrictions against changes to any application within the SDN framework, it will be difficult to identify attempted attacks and an audit trail will not b...Rule Medium Severity -
SRG-NET-000512
Group -
SRG-NET-000705
Group -
The SDN controller must be configured to employ organization-defined controls by type of denial of service (DoS) to achieve the DoS objective.
DoS events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of planning to support organizational needs with respect to capacity and bandwidth...Rule Medium Severity -
SRG-NET-000715
Group -
The SDN controller must be configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.
Separating critical system components and functions from other noncritical system components and functions through separate subnetworks may be necessary to reduce susceptibility to a catastrophic o...Rule Medium Severity -
SRG-NET-000760
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.