VMware NSX 4.x Tier-0 Gateway Firewall Security Technical Implementation Guide
Overview
| Version | Date | Finding Count (4) |
|---|---|---|
| 1 | 2024-12-13 | CAT I (High): 1, CAT II (Medium): 3, CAT III (Low): 0 |
| STIG Description |
| This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. |
Findings - MAC II - Mission Support Sensitive
| Finding ID | Severity | Title | Description |
|---|---|---|---|
| V-265362 | | The NSX Tier-0 Gateway Firewall must generate traffic log entries. | Without establishing what type of event occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or... |
| V-265368 | | The NSX Tier-0 Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception. | To prevent malicious or accidental leakage of traffic, organizations must implement a deny-by-default security posture at the network perimeter. Such ... |
| V-265370 | | The NSX Tier-0 Gateway Firewall must be configured to send traffic log entries to a central log server. | Without the ability to centrally manage the content captured in the traffic log entries, identification, troubleshooting, and correlation of suspiciou... |
| V-265367 | | The NSX Tier-0 Gateway Firewall must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks. | A firewall experiencing a DoS attack will not be able to handle production traffic load. The high usage and CPU caused by a DoS attack will impact con... |