← Back to Layer 2 Switch Security Requirements Guide

V-263667

CAT II (Medium)

The layer 2 switch must implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

Rule ID

SV-263667r1137762_rule

STIG

Layer 2 Switch Security Requirements Guide

Version

V3R4

CCIs

CCI-004891

Discussion

Separating critical system components and functions from other noncritical system components and functions through separate subnetworks may be necessary to reduce susceptibility to a catastrophic or debilitating breach or compromise that results in system failure. For example, physically separating the command and control function from the in-flight entertainment function through separate subnetworks in a commercial aircraft provides an increased level of assurance in the trustworthiness of critical system functions. This requirement also applies to Zero Trust initiatives.

Check Content

Verify the layer 2 switch is configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.

If the layer 2 switch is not configured to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions, this is a finding.

Fix Text

Configure the layer 2 switch to implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.