8cbc5a056c
These sets of STIGs are mainly meant for systems that are not performing functions. See the documentation for exception explanations. Implements: blueprint security-hardening Change-Id: I7f5db959103a7b9f9a3c0be46b8abcc2471a31a5
682 B
682 B
Exception
The STIG makes several requirements for IPv4 network restrictions, but these restrictions can impact certain network interfaces and cause service disruptions. Some security configurations make sense for certain types of network interfaces, like bridges, but other restrictions cause the network interface to stop passing valid traffic between hosts, containers, or virtual machines.
The default network scripts and LXC userspace tools already configure various network devices to their most secure setting. Since some hosts will act as routers, enabling security configurations that restrict network traffic can cause service disruptions for OpenStack environments.