STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Layer 2 Switch Security Requirements Guide

V-278985

CAT II (Medium)

The layer 2 switch, when transferring information between different security domains, must apply the same security policy filtering to metadata as it applies to data payloads.

Rule ID

SV-278985r1137780_rule

STIG

Layer 2 Switch Security Requirements Guide

Version

V3R4

CCIs

CCI-002211, CCI-000366

Discussion

Subjecting metadata to the same filtering and inspection policies as payload data avoids the potential for data compromise through covert channels and the bypass of security policy filtering. This requirement applies to layer 2 switches that transfer information between different security domains (e.g., cross-domain solutions). This requirement also applies to Zero Trust initiatives.

Check Content

Verify the layer 2 switch is configured to apply the same security policy filtering to metadata as it applies to data payloads, when transferring information between different security domains.

If the layer 2 switch does apply the same security policy filtering to metadata as it applies to data payloads, when transferring information between different security domains, this is a finding.

Fix Text

Configure the layer 2 switch to apply the same security policy filtering to metadata as it applies to data payloads, when transferring information between different security domains.