Systems in test and development zones are connected to a DoD production network without security controls, as required by the appropriate STIGs. A Connection Approval Process (CAP) has not been used prior to connection to a DoD network.

Part of T&D systems are connected to DoD network.

Associated with IA controls: DCCT-1

SV-14922r1_rule Systems in test and development zones are connected to a DoD production network without security controls, as required by the appropriate STIGs. A Connection Approval Process (CAP) has not been used prior to connection to a DoD network.

Vulnerability discussion

As lab systems are seldom, if ever, in a STIG compliant, secure state, there must be additional security controls in place to protect DoD networks, DoD user communities, and production infrastructures.

Check content

Work with the IAO to determine if systems in test and development zones are connected to a DoD production network. If they are connected, all security rules must be applied. Ask to view the Connection Approval Process (CAP) which must be used prior to connection to a DoD network. A system should, at a minimum, be scanned, reviewed for STIG compliancy, entered into a vulnerability tracking system, and documented.

Fix text

The IAO will ensure systems in test and development zones are not connected to a DoD production network until security controls, as required by the appropriate STIGs, are configured and validated. A Connection Approval Process (CAP) will be used prior to connection to a DoD network.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.