Access to the SDN management and orchestration systems must be authenticated using a FIPS-approved message authentication code algorithm.

From SDN Using NV Security Technical Implementation Guide

Associated with: CCI-000186

SV-87729r1_rule Access to the SDN management and orchestration systems must be authenticated using a FIPS-approved message authentication code algorithm.

Vulnerability discussion

The SDN controller receives network service requests from orchestration and management systems to deploy and configure network elements via the northbound API. In turn, the Northbound API presents a network abstraction to these systems. If either the orchestration or management system were breached, a rogue user could make modifications to the business or security policy that could disrupt network operations, resulting in inefficient application and business processes as well as bypassing security controls. In addition, invalid network service requests could be processed that could exhaust compute, storage, and network resources, leaving no resources available for legitimate business requirements.

Check content

Review all management and orchestration systems within the SDN framework and verify that access to these components requires DOD PKI certificate-based authentication. If access to the SDN management and orchestration systems does not require DOD PKI certificate-based authentication, this is a finding.

Fix text

Configure all management and orchestration systems within the SDN framework to require DOD PKI certificate-based authentication for access.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.