Zone A systems do not comply with the requirements in the DoD PPS Assurance Category Assignments List (CAL) for PPS utilization.

Part of Zone A systems non-compliant with PPS CAL.

Associated with IA controls: DCPP-1

SV-15074r1_rule Zone A systems do not comply with the requirements in the DoD PPS Assurance Category Assignments List (CAL) for PPS utilization.

Vulnerability discussion

Zone A systems require external (live/production) access to perform their final stage testing. This zone requires full compliance with the appropriate STIGs and utilizes a Connection Approval Process (CAP). All incoming/outgoing network connections will be controlled and configured in accordance with the STIGs. No external to internal network initiated connections will be authorized unless utilizing a STIG compliant DMZ. Zone A systems may mirror a live, production environment for final stage testing and development. The Zone A enclave must be separated/segregated from any production traffic and a firewall solution with proxy capability, along with VLAN segmentation is preferred. Permissible activities for Zone A include final stage testing and final stage development. This Zone is seen as the last barrier prior to being placed in a production environment/infrastructure.

Check content

Verify compliance with the network reviewer. Review the latest version of the PPS CAL against the ACLs on the router or firewall.

Fix text

The IAO will ensure all systems comply with the requirements in the DoD PPS CAL for PPS utilization.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.