← Back to Network Infrastructure Policy Security Technical Implementation Guide

V-251382

CAT II (Medium)

VPN gateways used to create IP tunnels to transport classified traffic across an unclassified IP network must comply with appropriate physical security protection standards for processing classified information.

Rule ID

SV-251382r806101_rule

STIG

Network Infrastructure Policy Security Technical Implementation Guide

Version

V10R7

CCIs

CCI-000366

Discussion

When transporting classified data over an unclassified IP network, it is imperative that the network elements deployed to provision the encrypted tunnels are located in a facility authorized to process the data at the proper classification level.

Check Content

Review the network topology diagram. If there is a connection between the classified network and the unclassified network for the purpose of tunneling classified traffic across the unclassified IP network, verify that the IPsec VPN gateway used to provision the tunnel is compliant with appropriate physical security protection standards for processing classified information.

If appropriate physical security protection has not been enforced, this is a finding.

Fix Text

Employ the necessary physical security protection for the VPN gateway devices used for tunneling classified traffic across the unclassified IP network.