The network device must not be configured to have any feature enabled that calls home to the vendor.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-243226	WLAN-NW-001300	SV-243226r720133_rule		Medium

Description

Call-home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. There is a risk that transmission of sensitive data sent to unauthorized persons could result in data loss or downtime due to an attack. (See SRG-NET-000131-RTR-000083.)

STIG	Date
Network WLAN AP-NIPR Platform Security Technical Implementation Guide	2023-02-13

Details

Check Text (C-46501r720131_chk)

Review the device configuration to determine if the call home service or feature is disabled on the device.

If the call home service is enabled on the device, this is a finding.

Note: This feature can be enabled if the communication is only to a server residing in the local area network or enclave.

Fix Text (F-46458r720132_fix)

Configure the network device to disable the call home service or feature.

Note: This feature can be enabled if the communication is only to a server residing in the local area network or enclave.