|Finding ID||Version||Rule ID||IA Controls||Severity|
|CJCSI 6211.02E instruction establishes policy and responsibilities for the connection of any information systems to the Defense Information Systems Network (DISN) provided transport. Enclosure E mandates that the CC/S/A obtain DSAWG approval before tunneling classified data outside component’s local area network boundaries across a non-DISN or OCONUS DISN unclassified IP-wide area transport infrastructure.|
|Network Infrastructure Policy Security Technical Implementation Guide||2017-03-02|
|Check Text ( C-12962r3_chk )|
| Review the network topology diagram. |
If there is a connection between the classified network and the unclassified network for the purpose of tunneling classified traffic across a non-DISN or OCONUS DISN unclassified IP network, verify there is approval by the DSAWG.
If there is no document stating DSAWG approval, this is a finding.
|Fix Text (F-14206r3_fix)|
|Remove the connection between the classified and unclassified network. Obtain approval from the DSAWG for the purpose of tunneling classified traffic across a non-DISN or OCONUS DISN unclassified IP network.|