STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Network Infrastructure Policy Security Technical Implementation Guide

V-251365

CAT II (Medium)

All Internet-facing applications must be hosted in a DoD Demilitarized Zone (DMZ) Extension.

Rule ID

SV-251365r806050_rule

STIG

Network Infrastructure Policy Security Technical Implementation Guide

Version

V10R7

CCIs

CCI-000366

Discussion

Without the protection of a DMZ, production networks will be prone to outside attacks as they are allowing externally accessible services to be accessed on the internal LAN. This can cause many undesired consequences such as access to the entire network, Denial of Service attacks, or theft of sensitive information.

Check Content

Review the network topology diagram and interview the ISSO to verify that all Internet-facing applications are hosted in a DoD DMZ Extension.

If there are any Internet-facing applications hosted in the enclave's DMZ or private network, this is a finding.

Fix Text

Implement and move internet facing applications logically to a DoD DMZ Extension.