
I - Mission Critical Sensitive

Rules and Groups employed by this XCCDF Profile

  • NET-SDN-002

    <GroupDescription></GroupDescription>
    Group
  • Northbound API traffic received by the SDN controller must be authenticated using a FIPS-approved message authentication code algorithm.

    &lt;VulnDiscussion&gt;The SDN controller determines how traffic should flow through physical and virtual network devices based on application profi...
    Rule High Severity
  • NET-SDN-003

    <GroupDescription></GroupDescription>
    Group
  • Access to the SDN management and orchestration systems must be authenticated using a FIPS-approved message authentication code algorithm.

    &lt;VulnDiscussion&gt;The SDN controller receives network service requests from orchestration and management systems to deploy and configure networ...
    Rule Medium Severity
  • NET-SDN-004

    <GroupDescription></GroupDescription>
    Group
  • Southbound API control plane traffic must traverse an out-of-band path or be encrypted using a FIPS-validated cryptographic module.

    &lt;VulnDiscussion&gt;Southbound APIs such as OpenFlow provide the forwarding tables to network devices such as switches and routers, both physical...
    Rule High Severity
  • NET-SDN-005

    <GroupDescription></GroupDescription>
    Group
  • Northbound API traffic must traverse an out-of-band path or be encrypted using a FIPS-validated cryptographic module.

    &lt;VulnDiscussion&gt;The SDN controller receives network service requests from orchestration and management systems to deploy and configure networ...
    Rule High Severity
  • NET-SDN-006

    <GroupDescription></GroupDescription>
    Group
  • Southbound API management plane traffic for provisioning and configuring virtual network elements within the SDN infrastructure must be authenticated using a FIPS-approved message authentication code algorithm.

    &lt;VulnDiscussion&gt;Management and orchestration systems within the SDN framework instantiate, deploy, and configure virtual network elements. Th...
    Rule Medium Severity
  • NET-SDN-007

    <GroupDescription></GroupDescription>
    Group
  • Southbound API management plane traffic for provisioning and configuring virtual network elements within the SDN infrastructure must traverse an out-of-band path or be encrypted using a FIPS-validated cryptographic module.

    &lt;VulnDiscussion&gt;Management and orchestration systems within the SDN framework instantiate, deploy, and configure network elements within the ...
    Rule Medium Severity
  • NET-SDN-008

    <GroupDescription></GroupDescription>
    Group
  • Southbound API management plane traffic for configuring SDN parameters on physical network elements must be authenticated using DOD PKI certificate-based authentication.

    &lt;VulnDiscussion&gt;Physical SDN-enabled switches are dependent on the SDN controller for their forwarding tables as well as their configuration ...
    Rule Medium Severity
  • NET-SDN-009

    <GroupDescription></GroupDescription>
    Group
  • Southbound API management plane traffic for configuring SDN parameters on physical network elements must be encrypted using a FIPS-validated cryptographic module.

    &lt;VulnDiscussion&gt;Physical SDN-enabled switches are dependent on the SDN controller for their forwarding tables, as well as their configuration...
    Rule Medium Severity
  • NET-SDN-010

    <GroupDescription></GroupDescription>
    Group
  • Physical SDN controllers and servers hosting SDN applications must reside within the management network with multiple paths that are secured by a firewall to inspect all ingress traffic.

    &lt;VulnDiscussion&gt;Management and orchestration systems deploy and configure network devices such as switches and routers, both physical and vir...
    Rule Medium Severity
  • NET-SDN-011

    <GroupDescription></GroupDescription>
    Group
  • SDN-enabled routers and switches must provide link state information to the SDN controller to create new forwarding decisions for the network elements.

    &lt;VulnDiscussion&gt;Southbound APIs such as OpenFlow provide the forwarding tables to network devices such as switches and routers. SDN controlle...
    Rule Low Severity
