DSAWG approval must be obtained before tunneling classified traffic outside the components local area network boundaries across a non-DISN or OCONUS DISN unclassified IP wide area network transport infrastructure.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251350 | NET-TUNL-030 | SV-251350r877972_rule | CCI-002396 | high |
| Description | ||||
| CJCSI 6211.02D instruction establishes policy and responsibilities for the connection of any information systems to the Defense Information Systems Network (DISN) provided transport. Enclosure E mandates that the CC/S/A obtain DSAWG approval before tunneling classified data outside component's local area network boundaries across a non-DISN or OCONUS DISN unclassified IP-wide area transport infrastructure. | ||||
| STIG | Date | |||
| Network Infrastructure Policy Security Technical Implementation Guide | 2024-08-02 | |||
Details
Check Text (C-251350r877972_chk)
Review the network topology diagram.
If there is a connection between the classified network and the unclassified network for the purpose of tunneling classified traffic across a non-DISN or OCONUS DISN unclassified IP network, verify there is approval by the DSAWG.
If there is no document stating DSAWG approval, this is a finding.
Fix Text (F-54738r806004_fix)
Remove the connection between the classified and unclassified network. Obtain approval from the DSAWG for the purpose of tunneling classified traffic across a non-DISN or OCONUS DISN unclassified IP network.