All hosted NIPRNet-only applications must be located in a local enclave Demilitarized Zone (DMZ).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-251364 | NET0346 | SV-251364r853651_rule | CCI-002395 | medium |
| Description | ||||
| Without the protection of a DMZ, production networks will be prone to outside attacks as they are allowing externally accessible services to be accessed on the internal LAN. This can cause many undesired consequences such as access to the entire network, Denial of Service attacks, or theft of sensitive information. | ||||
| STIG | Date | |||
| Network Infrastructure Policy Security Technical Implementation Guide | 2024-08-02 | |||
Details
Check Text (C-251364r853651_chk)
Review the network topology diagram and interview the ISSO to verify that all NIPRNet-only applications are located in a local enclave DMZ.
If there are any NIPRNet-only applications not hosted in the enclave's DMZ, this is a finding.
Fix Text (F-54752r806046_fix)
Implement and move NIPRNet-only applications to a local enclave DMZ.