Zone A systems do not utilize a Connection Approval Process to include assessment and scanning for security baselines, and final ATC.

From Enclave - Zone A Checklist

Part of CAP not utilized for Zone A systems.

Associated with IA controls: EBCR-1

SV-15075r1_rule Zone A systems do not utilize a Connection Approval Process to include assessment and scanning for security baselines, and final ATC.

Vulnerability discussion

Zone A systems require external (live/production) access to perform their final stage testing. This zone requires full compliance with the appropriate STIGs and utilizes a Connection Approval Process (CAP). All incoming/outgoing network connections will be controlled and configured in accordance with the STIGs. No external-to-internal network-initiated connections will be authorized unless utilizing a STIG-compliant DMZ. Zone A systems may mirror a live, production environment for final stage testing and development. The Zone A enclave must be separated/segregated from any production traffic; a firewall solution with proxy capability, along with VLAN segmentation, is preferred. Permissible activities for Zone A include final stage testing and final stage development. This zone is seen as the last barrier prior to being placed in a production environment/infrastructure.

Check content

Review the Connection Approval Process (CAP) to determine if it includes assessment procedures and time frames as well as scanning for security baselines, and final ATC.

Fix text

The IAO will ensure all systems utilize a Connection Approval Process to include assessment and scanning for security baselines, and final ATC.
