NET-SRVFRM-003 - ACLs must restrict access to server VLANs

Information

Server VLAN interfaces must be protected by restrictive ACLs using a deny-by-default security posture.

Protecting data sitting in a server VLAN is necessary and can be accomplished using access control lists on VLANs provisioned for servers. Without proper access control of traffic entering or leaving the server VLAN, potential threats such as a denial of service, data corruption, or theft could occur, resulting in the inability to complete mission requirements by authorized users.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure an ACL to protect the server VLAN interface. The ACL must be in a deny-by-default security posture.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Perimeter_Router_L3_Switch_V8R32_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-20061r3_rule, STIG-ID|NET-SRVFRM-003, Vuln-ID|V-18522

Plugin: Cisco

Control ID: f1b246ba7ad68d4e1e02c788c2694156e4e2ed3589266ca67a651df225eae04e