Free DISA STIG and SRG Library

V-62165

The layer 2 switch must befail configured to faila securelysecure instate theif eventsystem ofinitialization anfails, operationalshutdown failurefails, or aborts fail.

Finding ID

SRG-NET-000235-L2S-000031

Rule ID

SV-~~76655r2_rule~~76655r1_rule

Severity

~~Cat II~~

CCE

(None)

Group Title

SRG-NET-000235

CCI

CCI-~~001126~~001190

Target Key

(None)

Documentable

Discussion

IfFailure ~~the~~to ~~switch~~a ~~fails~~known insafe anstate ~~unsecure~~helps ~~manner~~prevent ~~(open),~~systems ~~unauthorized~~from ~~traffic~~failing ~~originating~~to ~~externally~~a tostate ~~the~~that ~~enclave~~ may ~~enter~~cause orloss ~~the~~of ~~device~~data ~~may~~or ~~permit~~ unauthorized ~~information~~access ~~release.~~to ~~Fail secure is a condition achieved by employing information~~ system ~~mechanisms~~resources. toNetwork ~~ensure,~~elements ~~in the event of an operational failure of the switch,~~ that itfail ~~does~~suddenly ~~not~~and ~~enter~~with ~~into~~no anincorporated ~~unsecure~~failure state ~~where~~planning ~~intended~~may ~~security~~leave ~~properties no longer hold. If~~ the ~~device~~hosting ~~fails,~~system itavailable ~~must~~but ~~not~~with ~~fail in~~ a ~~manner~~reduced ~~that~~security ~~will~~protection ~~allow unauthorized access~~capability. IfPreserving ~~the~~information ~~switch~~system ~~fails~~state ~~for~~information ~~any~~also ~~reason,~~facilitates itsystem ~~must~~restart ~~stop~~and ~~forwarding~~return ~~traffic~~to ~~altogether or maintain~~ the ~~configured~~operational ~~security~~mode ~~policies.~~of If the ~~device~~organization ~~stops~~with ~~forwarding~~less ~~traffic,~~disruption ~~maintaining~~to ~~network~~mission-essential ~~availability would be achieved through device redundancy~~processes. An example is a firewall that blocks all traffic rather than allowing all traffic when a firewall component fails (e.g., fail closed and do not forward traffic). This prevents an attacker from forcing a failure of the system in order to obtain access. Abort refers to stopping a program or function before it has finished naturally. The term abort refers to both requested and unexpected terminations.

Fix Text

Configure the layer 2 switch to fail to a secure state upon failure of initialization, shutdown, or abort actions.

Check Content

Review the vendor documentation to determine if the layer 2 switch will fail to a secure state in the event that the system initialization fails, shutdown fails, or abort fails. If the layer 2 switch does not fail to a secure state in the event that the system initialization fails, shutdown fails, or abort fails, this is a finding.