12.8: Deploy NetFlow Collection on Networking Boundary Devices
Enable the collection of NetFlow and logging data on all network boundary devices.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Detect |
2, 3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Sub-control 12.1: Maintain an Inventory of Network Boundaries
Inputs
List of network boundary devices (from inventory)
Assumption
Assumes organization has positive control over inventory - explicitly ignores the case where there may be a network boundary device present and not accounted for (if other controls are working, this should not be the case).
Operations
- For each network boundary device,
Check configuration for NetFlow data (i.e. NetFlow is enabled)
Check configuration for logging data (i.e. logging is enabled)
Measures
M1 = Count of network boundary devices (from Input 1)
M2 = List of network boundary devices with NetFlow enabled
M3 = Count of M2
M4 = List of network boundary devices without NetFlow enabled
M5 = Count of M4
M6 = List of network boundary devices with logging enabled
M7 = Count of M6
M8 = List of network boundary devices without logging enabled
M9 = Count of M8
M10 = List of network boundary devices with both NetFlow and logging enabled
M11 = Count of M10
M12 = List of network boundary devices with either NetFlow or logging disabled
M13 = Count of M12
Metrics
NetFlow Coverage
Metric |
Ratio of network boundary devices with appropriately configured NetFlow to the total number of network boundary devices
|
Calculation |
|
Logging Coverage
Metric |
Ratio of network boundary devices with appropriately configured logging to the total number of network boundary devices
|
Calculation |
|
Total Coverage
Metric |
Ratio of appropriately configured network boundary devices to the total number of network boundary devices
|
Calculation |
|