The site has not configured the Sun Ray server in the PNP database.

From Sun Ray 4 Policy STIG

Part of Sun Ray server not configured in PNP database

Associated with IA controls: DCPP-1

SV-17414r1_rule The site has not configured the Sun Ray server in the PNP database.

Vulnerability discussion

DoDI 8550.1 Ports, Protocols, and Services Management (PPSM) is the DoD’s policy on IP Ports, Protocols, and Services (PPS). It controls the PPS that are permitted or approved to cross DoD network boundaries. Standard well-known and registered IP ports and associated protocols and services are assessed for vulnerabilities and threats to the entire Global Information Grid (GIG), which includes the DISN backbone networks. The results are published in a Vulnerability Assessment (VA) report.

Each port and protocol is given a rating of green, yellow, orange, or red in association with each of the 16 defined boundary types. Green means the protocol is relatively secure and is approved to cross the associated boundary without restrictions. Yellow means the protocol has security issues that must be mitigated to be used. Red means that the protocol is prohibited due to vulnerabilities that cannot be mitigated or approved, and is banned when crossing that boundary. The orange category requires DSAWG approval if the protocol exists and is necessary on the network. However, the orange category mandates that new systems and applications must not be developed using this protocol whether it crosses a boundary or not.

The PPS Assurance Categories Assignment List (CAL) contains information regarding the assessed ports and protocols and defined boundaries, and is updated on a monthly basis. The PPSM information is available on the IASE and DKO/DoD IA Portal web sites. A portion of the DoDI 8550.1 PPS policy requires registration of those PPS that cross any of the boundaries defined by the policy that are “visible to DoD-managed components”. Therefore, to comply with the policy and ensure that protocols and ports are acceptable, Sun Ray servers will be registered as automated information systems (AIS) with their associated TCP or UDP ports in the DoD Ports and Protocol Registration System.

Check content

If either inbound or outbound traffic to the Sun Ray server is leaving the local enclave, verify that the server has been registered in the Ports and Protocols (PNP) database (https://pnp.cert.smil.mil) for the site. If it is not registered, this is a finding. If the traffic is completely contained within the local enclave, this requirement does not apply.

Fix text

Register all Sun Ray traffic that is leaving the local enclave in the PNP database for the site.
