The organization must document impersistent connections to the test and development environment with approval by the organizations Authorizing Official.

From Test and Development Zone A Security Technical Implementation Guide

Part of ENTD0050 - Impersistent connections do not have approval.

Associated with IA controls: EBCR-1, ECSD-1

SV-51293r1_rule The organization must document impersistent connections to the test and development environment with approval by the organizations Authorizing Official.

Vulnerability discussion

An impersistent connection is any temporary connection needed to another test and development environment or DoD operational network where testing is not feasible. As any unvetted connection or device will create additional risk and compromise the entire environment, it is up to the Authorizing Official for the organization to accept the risk of an impersistent connection.

Check content

Review documentation for impersistent connections or devices to ensure the risk has been thoroughly assessed and approved by the Authorizing Official. If no documented approval is available for impersistent connections, this is a finding.

Fix text

Create and have on file up-to-date documentation of the authorized risk approval for impersistent connections or devices.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer