Zone A systems are not separated/isolated from production assets via network infrastructure devices, e.g., VLANs, separate subnets.

Part of Zone A systems not isolated from production.

Associated with IA controls: ECSC-1

SV-15073r1_rule Zone A systems are not separated/isolated from production assets via network infrastructure devices, e.g., VLANs, separate subnets.

Vulnerability discussion

Zone A systems require external (live/production) access to perform their final stage testing. This zone requires full compliance with the appropriate STIGs and utilizes a Connection Approval Process (CAP). All incoming/outgoing network connections will be controlled and configured in accordance with the STIGs. No external to internal network initiated connections will be authorized unless utilizing a STIG compliant DMZ. Zone A systems may mirror a live, production environment for final stage testing and development. The Zone A enclave must be separated/segregated from any production traffic and a firewall solution with proxy capability, along with VLAN segmentation is preferred.

Check content

Work with the network reviewer to determine compliance. Zone A systems must be separated/isolated from production assets via network infrastructure solutions such as VLANs or separate subnets. Have the network administrator identify the solution imposed to isolate the traffic and have the network reviewer verify compliance.

Fix text

The IAO will ensure Zone A systems are separated/isolated from production assets via network infrastructure devices, e.g., VLANs, separate subnets.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.