
The IAO/NSO will ensure the route to the AG network adheres to the PPS CAL boundary 13 and 14 policies and is in compliance with all perimeter filtering defined in the perimeter and router sections of the Network STIG.


Overview

Finding ID: V-14632
Version: NET0167
Rule ID: SV-15257r1_rule
IA Controls: DCPP-1, ECSC-1
Severity: Medium
Description
The enclave perimeter requirements for filtering, including the JTF-GNO PPS filtering rules, and for monitoring traffic will be enforced for any traffic from the AG. All traffic entering the enclave from the AG must enter through the firewall and be monitored by the internal IDS. All traffic leaving the enclave, regardless of the destination (AG or NIPRNet addresses), will be filtered by the premise router's egress filter to verify that the source IP address belongs to the enclave.
STIG: Perimeter L3 Switch Security Technical Implementation Guide - Cisco
Date: 2015-04-06

Details

Check Text (C-12648r1_chk)
The enclave perimeter requirements for filtering, including the JTF-GNO PPS filtering rules, and for monitoring traffic will be enforced for any traffic from the AG. All traffic leaving the enclave, regardless of the destination (AG or NIPRNet addresses), will be filtered by the premise router's egress filter to verify that the source IP address belongs to the enclave.
Fix Text (F-14094r1_fix)
Ensure the perimeter is protected from this path. A deny-by-default policy is enforced at this connection and the site is in compliance with all PPS 13 and 14 boundaries.
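
One way to audit an egress ACL against the source-address requirement in the Check Text, as an added example that is not part of the STIG. The enclave prefix 192.0.2.0/24, the ACL name EGRESS-FILTER and the ACL entries are constructed samples, and the script assumes Cisco IOS extended-ACL configuration lines without sequence numbers.

```python
import ipaddress

# Constructed sample: enclave prefix and ACL text are illustrative assumptions.
ENCLAVE = [ipaddress.ip_network("192.0.2.0/24")]
SAMPLE_ACL = """\
ip access-list extended EGRESS-FILTER
 permit ip 192.0.2.0 0.0.0.255 any
 permit tcp host 198.51.100.7 any eq 443
 permit ip any any
 deny ip any any log
"""

def parse_source(tokens):
    """Return the source network of an ACE from the tokens after the protocol."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32")
    wildcard = int(ipaddress.IPv4Address(tokens[1]))
    if wildcard & (wildcard + 1):  # set bits are not one contiguous low-order run
        raise ValueError("non-contiguous wildcard " + tokens[1])
    prefix_len = 32 - wildcard.bit_length()
    return ipaddress.ip_network(f"{tokens[0]}/{prefix_len}", strict=False)

def audit_egress_acl(acl_text, enclave=ENCLAVE):
    """List findings: permits for non-enclave sources, no explicit default deny."""
    findings, explicit_deny = [], False
    for line in acl_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue  # skip the ACL header, remarks and blank lines
        action, rest = tokens[0], tokens[2:]
        try:
            src = parse_source(rest)
        except (ValueError, IndexError) as exc:
            findings.append(f"unparsed entry: {line.strip()} ({exc})")
            continue
        if action == "permit" and not any(src.subnet_of(n) for n in enclave):
            findings.append(f"permits non-enclave source {src}: {line.strip()}")
        if action == "deny" and tokens[1] == "ip" and rest[:2] == ["any", "any"]:
            explicit_deny = True
    # IOS ends every ACL with an implicit deny; an explicit entry makes the
    # default visible to a reviewer and can carry the log keyword.
    if not explicit_deny:
        findings.append("no explicit 'deny ip any any' entry")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_egress_acl(SAMPLE_ACL)) or "no findings")
```
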