DISA STIGS Viewer

VMware NSX-T SDN Controller Security Technical Implementation Guide

Overview

Version: 1
Date: 2022-03-09
Finding Count (2): CAT I (High): 0, CAT II (Medium): 2, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings - MAC III - Mission Critical Classified

Finding ID: V-251735
Severity: Medium
Title: The NSX-T Controller cluster must be on separate physical hosts.
Description: SDN relies heavily on control messages between a controller and the forwarding devices for network convergence. The controller uses node and link state discovery information to calculate and determine optimum pathing within the SDN network infrastructure based on application, business, and security policies. Operating in the proactive flow instantiation mode,...

Finding ID: V-251734
Severity: Medium
Title: The NSX-T Controller must be configured as a cluster in active/active mode to preserve any information necessary to determine cause of a system failure and to maintain network operations with least disruption to workload processes and flows.
Description: Failure in a known state can address safety or security in accordance with the mission needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the SDN controller. Preserving network element state information helps...