The operating system must prevent public IPv4 access into an organizations internal networks, except as appropriately mediated by managed interfaces employing boundary protection devices.
What is this statement trying to say?
…must prevent public IPv4 access into an organizations internal networks…
Isn’t an organization’s internal network already (hopefully) private?
…managed interfaces…
What are they?
the base operating system should not (by default) grant wider access to the LAN the system is connected to
by this you mean block ports that are not required? – Kishor Pawar – 2016-06-30T06:26:01.230
@KishorPawar Basically, yes. Ports and just network access to any address outside of the machine itself. – JakeGould – 2016-06-30T06:44:40.497
The referred to rule SV-50313r2_rule is a reference to the SCAP XCCDF and OVAL file entry to document and perform the check for this particular setting. It has no other meaning than where to find it in the automated DISA scan data files. – kronenpj – 2016-07-19T00:00:07.657
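How a rule ID such as SV-50313r2_rule resolves to its OVAL check inside an XCCDF file, as an added example that is not part of the original thread or of DISA's scan data. The XCCDF fragment, the href and the OVAL definition id are constructed placeholders, and `find_oval_refs` is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal XCCDF 1.1 fragment. Titles, the href and the
# OVAL definition id are placeholders, not values from a real DISA file.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="EXAMPLE_STIG">
  <Group id="V-EXAMPLE">
    <Rule id="SV-50313r2_rule" severity="medium">
      <title>PLACEHOLDER title</title>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref href="EXAMPLE-oval.xml"
                           name="oval:example.placeholder:def:1"/>
      </check>
    </Rule>
    <Rule id="SV-EXAMPLE-manual_rule" severity="low">
      <title>PLACEHOLDER rule with no automated check</title>
    </Rule>
  </Group>
</Benchmark>
"""

# Check system URI that marks a check as implemented in OVAL.
OVAL_SYSTEM = "http://oval.mitre.org/XMLSchema/oval-definitions-5"


def _local(tag):
    """Strip the '{namespace}' prefix so XCCDF 1.1 and 1.2 files both match."""
    return tag.rsplit("}", 1)[-1]


def find_oval_refs(xccdf_text, rule_id):
    """Return [(oval_file, oval_definition_id)] for the given XCCDF rule.

    An empty list means the rule exists but has no OVAL check (manual review
    only); KeyError means the rule ID is not in this benchmark at all.
    """
    root = ET.fromstring(xccdf_text)
    for rule in root.iter():
        if _local(rule.tag) != "Rule" or rule.get("id") != rule_id:
            continue
        refs = []
        for check in rule:
            if _local(check.tag) != "check" or check.get("system") != OVAL_SYSTEM:
                continue
            for ref in check:
                if _local(ref.tag) == "check-content-ref":
                    refs.append((ref.get("href"), ref.get("name")))
        return refs
    raise KeyError(rule_id)
```
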