Non-STIG’d systems connect or communicate with STIG compliant production systems via a remote access solution.

From Enclave - Zone B Checklist

Part of T&D non-STIG'd systems connect to STIG'd systems.

Associated with IA controls: ECSC-1

SV-15079r1_rule Non-STIG’d systems connect or communicate with STIG compliant production systems via a remote access solution.

Vulnerability discussion

Zone B systems may not be fully STIG compliant; there may be sub-zones within a Zone B that may not have STIG’d systems. Therefore, if utilizing a remote access solution, appropriate steps must be taken to isolate the systems that are not in compliance and non-production systems employed to access them. If utilizing a DoD LAN client or workstation, the user must be proxied by a STIG compliant device that acts as a gateway to the Zone B system. There is no egress from the Zone B system to the LAN client unless utilizing a proxy or Virtual Machine architecture. Zone D systems may have remote access capabilities; however, a DoD production LAN client/workstation will not be used to connect to a Zone D system.

Check content

Interview the IAM to determine if a process/procedure is in place to ensure STIG compliant production devices are not in any way connected to non-STIG compliant devices even via a remote access solution. This check does not apply to Zone A systems as they should be STIG compliant, nor does it apply to Zone C systems as they are only communicating with another Test facility with no remote access solution.

Fix text

The IAO will ensure non-STIG’d systems do not connect or communicate with STIG compliant systems, even if located in the same T&D zone.
