Installation of operating systems on systems and devices in the test and development environment must be logically separated to prohibit access to any operational network.

From Test and Development Zone A Security Technical Implementation Guide

Part of ENTD0320 - Installation of operating systems and devices not logically separated.

Associated with IA controls: ECSC-1

SV-51538r1_rule Installation of operating systems on systems and devices in the test and development environment must be logically separated to prohibit access to any operational network.

Vulnerability discussion

Systems are most vulnerable to attack during the installation of an operating system because no security controls have been put in place to protect the system. It is very important to block all access to a system while the operating system is being installed and configured until such time that security controls can be implemented.

Check content

Determine whether the organization has a connection approval policy on the installation of operating systems within the test and development environment. The policy must include either physically disconnecting or blocking the system at the firewall in order to achieve complete isolation from any network traffic. If no connection approval policy has been developed, this is a finding.

Fix text

Create a policy to ensure the test or development system is physically disconnected or blocked at the firewall from any external network during the installation of an operating system.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.