800-53|SC-7

Title

BOUNDARY PROTECTION

Description

The information system:

Supplemental

Managed interfaces include, for example, gateways, routers, firewalls, guards, network-based malicious code analysis and virtualization systems, or encrypted tunnels implemented within a security architecture (e.g., routers protecting firewalls or application gateways residing on protected subnetworks). Subnetworks that are physically or logically separated from internal networks are referred to as demilitarized zones or DMZs. Restricting or prohibiting interfaces within organizational information systems includes, for example, restricting external web traffic to designated web servers within managed interfaces and prohibiting external traffic that appears to be spoofing internal addresses. Organizations consider the shared nature of commercial telecommunications services in the implementation of security controls associated with the use of such services. Commercial telecommunications services are commonly based on network components and consolidated management systems shared by all attached commercial customers, and may also include third party-provided access lines and other service elements. Such transmission services may represent sources of increased risk despite contract security provisions.

Reference Item Details

Related: AC-17, AC-4, CA-3, CM-7, CP-8, IR-4, RA-3, SC-13, SC-5

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: LOW, MODERATE, HIGH

Audit Items

Name | Plugin | Audit Name
1.1 Use a Split-Horizon Architecture | Unix | CIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.1 Use a Split-Horizon Architecture | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.1.1 Create Separate Partition for /tmp | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.2 Ensure /tmp is configured | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.1.2 Ensure /tmp is configured | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0
1.1.2 Ensure /tmp is configured - config check | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v3.0.0
1.1.2 Ensure /tmp is configured - config check | Unix | CIS SUSE Linux Enterprise Server 12 L1 v3.0.0
1.1.2 Ensure /tmp is configured - mount | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v3.0.0
1.1.2 Ensure /tmp is configured - mount | Unix | CIS SUSE Linux Enterprise Server 12 L1 v3.0.0
1.1.10 Add nodev Option to /home | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.11 Add nodev Option to Removable Media Partitions | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.11 Ensure separate partition exists for /var/tmp | Unix | CIS SUSE Linux Enterprise Server 12 L2 v3.0.0
1.1.11 Ensure separate partition exists for /var/tmp | Unix | CIS Fedora 19 Family Linux Server L2 v1.0.0
1.1.11 Ensure separate partition exists for /var/tmp | Unix | CIS SUSE Linux Enterprise Workstation 12 L2 v3.0.0
1.1.11 Ensure separate partition exists for /var/tmp | Unix | CIS Fedora 19 Family Linux Workstation L2 v1.0.0
1.1.12 Add noexec Option to Removable Media Partitions | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.13 Add nosuid Option to Removable Media Partitions | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.13 Ensure nodev option set on /var/tmp partition | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.1.13 Ensure nodev option set on /var/tmp partition | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v3.0.0
1.1.13 Ensure nodev option set on /var/tmp partition | Unix | CIS SUSE Linux Enterprise Server 12 L1 v3.0.0
1.1.13 Ensure nodev option set on /var/tmp partition | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0
1.1.14 Add nodev Option to /dev/shm Partition | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.14 Ensure nosuid option set on /var/tmp partition | Unix | CIS SUSE Linux Enterprise Server 12 L1 v3.0.0
1.1.14 Ensure nosuid option set on /var/tmp partition | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v3.0.0
1.1.14 Ensure nosuid option set on /var/tmp partition | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.1.14 Ensure nosuid option set on /var/tmp partition | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0
1.1.15 Add nosuid Option to /dev/shm Partition | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.16 Add noexec Option to /dev/shm Partition | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.17 Ensure separate partition exists for /home | Unix | CIS SUSE Linux Enterprise Server 12 L2 v3.0.0
1.1.17 Ensure separate partition exists for /home | Unix | CIS SUSE Linux Enterprise Workstation 12 L2 v3.0.0
1.1.17 Ensure separate partition exists for /home | Unix | CIS Fedora 19 Family Linux Workstation L2 v1.0.0
1.1.17 Ensure separate partition exists for /home | Unix | CIS Fedora 19 Family Linux Server L2 v1.0.0
1.1.17 Set Sticky Bit on All World-Writable Directories | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.18 Ensure nodev option set on /home partition | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.1.18 Ensure nodev option set on /home partition | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v3.0.0
1.1.18 Ensure nodev option set on /home partition | Unix | CIS SUSE Linux Enterprise Server 12 L1 v3.0.0
1.1.18 Ensure nodev option set on /home partition | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0
1.1.19 Ensure noexec option set on removable media partitions | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0
1.1.19 Ensure noexec option set on removable media partitions | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.1.19 Ensure noexec option set on removable media partitions | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v3.0.0
1.1.19 Ensure noexec option set on removable media partitions | Unix | CIS SUSE Linux Enterprise Server 12 L1 v3.0.0
1.1.20 Ensure nodev option set on removable media partitions | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0
1.1.20 Ensure nodev option set on removable media partitions | Unix | CIS SUSE Linux Enterprise Server 12 L1 v3.0.0
1.1.20 Ensure nodev option set on removable media partitions | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v3.0.0
1.1.20 Ensure nodev option set on removable media partitions | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.1.21 Ensure nosuid option set on removable media partitions | Unix | CIS Fedora 19 Family Linux Server L1 v1.0.0
1.1.21 Ensure nosuid option set on removable media partitions | Unix | CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.1.21 Ensure nosuid option set on removable media partitions | Unix | CIS SUSE Linux Enterprise Workstation 12 L1 v3.0.0
1.1.21 Ensure nosuid option set on removable media partitions | Unix | CIS SUSE Linux Enterprise Server 12 L1 v3.0.0
1.1.21 Ensure sticky bit is set on all world-writable directories | Unix | CIS Debian 9 Workstation L1 v1.0.1