STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

V-272103

CAT II (Medium)

The Cisco ACI must establish organization-defined alternate communication paths for system operations organizational command and control.

Rule ID

SV-272103r1168419_rule

STIG

Cisco ACI Router Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-004931

Discussion

An incident, whether adversarial or nonadversarial, can disrupt established communication paths used for system operations and organizational command and control. Alternate communication paths reduce the risk of all communication paths being affected by the same incident. To compound the problem, the inability of organizational officials to obtain timely information about disruptions, or to provide timely direction to operational elements after a communication path incident, can impair the organization's ability to respond to such incidents in a timely manner. Establishing alternate communication paths for command and control purposes, including designating alternative decision makers if primary decision makers are unavailable and establishing the extent and limitations of their actions, can greatly facilitate the organization's ability to continue to operate and take appropriate actions during an incident.

Check Content

Review the SSP and the ACI configuration to verify logical separation using EPGs, bridge domains, and/or tenants is configured.

There are many places to validate that each EPG is using an organization-defined VLAN. Which one applies depends on the VLAN pool associated with the Physical/VMM Domains that the EPG is using.

To check the physical domain in the GUI, use the following path:
Tenants >> {{your_Tenant}} >> Application Profiles >> {{your_application_profile}} >> Application EPGs >> {{your_EPG}} >> Domains

After checking the domain, check the VLAN pool on the physical domains in the GUI:
Fabric >> Access Policies >> Physical and External Domains >> Physical Domains >> {{your_domain}}

For VMM Domain VLAN pools, check the following GUI location:
Virtual Networking >> VMware >> {{your_VMM_Domain}} >> Policy >> General

If organization-defined alternate communication paths for system operations organizational command and control have not been established, this is a finding.

Fix Text

Configure logical separation using EPGs, bridge domains, and/or tenants in accordance with the SSP. There are many places to validate that each EPG is using an organization-defined VLAN. Which one applies depends on the VLAN pool associated with the Physical/VMM Domains that the EPG is using.

1. Edit or create a physical domain in the GUI using the following path:
Tenants >> {{your_Tenant}} >> Application Profiles >> {{your_application_profile}} >> Application EPGs >> {{your_EPG}} >> Domains

2. Create a VLAN pool on physical domains in the GUI:
Fabric >> Access Policies >> Physical and External Domains >> Physical Domains >> {{your_domain}}

3. For VMM Domain VLAN pools, create a policy at the following GUI location:
Virtual Networking >> VMware >> {{your_VMM_Domain}} >> Policy >> General
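As an added example (not part of the STIG or of STIGhub), the EPG >> domain >> VLAN pool walk that the check and fix describe can be automated against the APIC object model instead of clicked through in the GUI. The records below are constructed samples shaped like the `attributes` object of APIC class queries for `fvRsDomAtt`, `infraRsVlanNs` and `fvnsEncapBlk`; the `/api/node/class/<class>.json` endpoint and the organization-defined VLAN set taken from the SSP are assumptions.

```python
# Constructed sample records (not from a real fabric), shaped like the
# "attributes" object of APIC class queries; a real run would fetch them
# from /api/node/class/<class>.json on the APIC (assumed endpoint).
RS_DOM_ATT = [  # fvRsDomAtt: EPG -> domain
    {"dn": "uni/tn-Prod/ap-Web/epg-Front/rsdomAtt-[uni/phys-PhysDom1]", "tDn": "uni/phys-PhysDom1"},
    {"dn": "uni/tn-Prod/ap-Web/epg-Back/rsdomAtt-[uni/vmmp-VMware/dom-VMM1]", "tDn": "uni/vmmp-VMware/dom-VMM1"},
    {"dn": "uni/tn-Lab/ap-Test/epg-Scratch/rsdomAtt-[uni/phys-LabDom]", "tDn": "uni/phys-LabDom"},
]
RS_VLAN_NS = [  # infraRsVlanNs: domain -> VLAN pool (LabDom has none)
    {"dn": "uni/phys-PhysDom1/rsvlanNs", "tDn": "uni/infra/vlanns-[ProdPool]-static"},
    {"dn": "uni/vmmp-VMware/dom-VMM1/rsvlanNs", "tDn": "uni/infra/vlanns-[VmmPool]-dynamic"},
]
ENCAP_BLK = [  # fvnsEncapBlk: VLAN ranges inside each pool
    {"dn": "uni/infra/vlanns-[ProdPool]-static/from-[vlan-100]-to-[vlan-110]", "from": "vlan-100", "to": "vlan-110"},
    {"dn": "uni/infra/vlanns-[VmmPool]-dynamic/from-[vlan-200]-to-[vlan-250]", "from": "vlan-200", "to": "vlan-250"},
]
SSP_VLANS = set(range(100, 111)) | set(range(200, 241))  # assumed SSP-defined VLANs


def vlan_id(encap):
    """'vlan-100' -> 100"""
    return int(encap.split("vlan-", 1)[1])


def pool_of_domain(domain_dn):
    """Follow the domain's rsvlanNs relation to its VLAN pool DN, or None."""
    for rel in RS_VLAN_NS:
        if rel["dn"] == domain_dn + "/rsvlanNs":
            return rel["tDn"]
    return None


def pool_vlans(pool_dn):
    """Expand every encap block under the pool into a set of VLAN IDs."""
    vlans = set()
    for blk in ENCAP_BLK:
        if blk["dn"].startswith(pool_dn + "/"):
            vlans.update(range(vlan_id(blk["from"]), vlan_id(blk["to"]) + 1))
    return vlans


def audit(allowed=SSP_VLANS):
    """Return {epg_dn: verdict}; any verdict other than 'ok' is a finding."""
    verdicts = {}
    for rel in RS_DOM_ATT:
        epg_dn, dom_dn = rel["dn"].split("/rsdomAtt-", 1)[0], rel["tDn"]
        pool_dn = pool_of_domain(dom_dn)
        if pool_dn is None:
            verdicts[epg_dn] = "finding: domain %s has no VLAN pool" % dom_dn
            continue
        outside = sorted(pool_vlans(pool_dn) - allowed)
        verdicts[epg_dn] = "ok" if not outside else "finding: VLANs outside SSP set %s" % outside
    return verdicts
```

Run `audit()` after replacing the three sample lists with the `attributes` objects returned by the corresponding class queries; every non-`ok` verdict maps to a finding under this rule.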