VMware NSX 4.x Tier-1 Gateway Firewall Security Technical Implementation Guide
Overview
| Version | Date | Finding Count (5) |
|---|---|---|
| 1 | 2024-12-20 | CAT I (High): 1, CAT II (Medium): 4, CAT III (Low): 0 |

STIG Description

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings - All
| Finding ID | Severity | Title | Description |
|---|---|---|---|
| V-265493 | | The NSX Tier-1 Gateway firewall must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks. | A firewall experiencing a DoS attack will not be able to handle production traffic load. The high usage and CPU caused by a DoS attack will also have ... |
| V-265488 | | The NSX Tier-1 Gateway firewall must generate traffic log entries. | Without establishing what type of event occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or... |
| V-265494 | | The NSX Tier-1 Gateway firewall must deny network communications traffic by default and allow network communications traffic by exception. | To prevent malicious or accidental leakage of traffic, organizations must implement a deny-by-default security posture at the network perimeter. Such ... |
| V-265496 | | The NSX Tier-1 Gateway firewall must be configured to send traffic log entries to a central audit server. | Without the ability to centrally manage the content captured in the traffic log entries, identification, troubleshooting, and correlation of suspiciou... |
| V-265500 | | The NSX Tier-1 Gateway firewall must be configured to inspect traffic at the application layer. | Application inspection enables the firewall to control traffic based on different parameters that exist within the packets such as enforcing applicati... |