The test and development infrastructure must use a gateway to separate access to DoD operational networks.

From Test and Development Zone A Security Technical Implementation Guide

Part of ENTD0160 - The test and development environment does have a gateway.

Associated with IA controls: DCSP-1, ECSC-1

SV-51485r1_rule The test and development infrastructure must use a gateway to separate access to DoD operational networks.

Vulnerability discussion

Acting as the first hop into a test and development environment, the gateway can implement proper routing and provide a first layer of defense against attacks and other unintentional compromise or spillage of sensitive information into the operational network.

Check content

Review the network diagrams and physically check to see whether the organization has a gateway implemented for the test and development environment. If the organization has not documented or implemented a gateway for the test and development environment, this is a finding.

Fix text

Install a gateway to separate the test and development environment from the DoD operational network. Document it in the test and development network diagrams.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer