STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Layer 2 Switch Security Requirements Guide

V-263667

CAT II (Medium)

The layer 2 switch must implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

Rule ID

SV-263667r1137762_rule

STIG

Layer 2 Switch Security Requirements Guide

Version

V3R4

CCIs

CCI-004891

Discussion

Separating critical system components and functions from other noncritical system components and functions through separate subnetworks may be necessary to reduce susceptibility to a catastrophic or debilitating breach or compromise that results in system failure. For example, physically separating the command and control function from the in-flight entertainment function through separate subnetworks in a commercial aircraft provides an increased level of assurance in the trustworthiness of critical system functions. This requirement also applies to Zero Trust initiatives.

Check Content

Verify the layer 2 switch is configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

If the layer 2 switch is not configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions, this is a finding.

Fix Text

Configure the layer 2 switch to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.