V-252627 | High | The IBM Aspera High-Speed Transfer Server must be configured to comply with the required TLS settings in NIST SP 800-52. | SP 800-52 provides guidance on using the most secure version and configuration of the TLS/SSL protocol. Using older unauthorized versions or incorrectly configuring protocol negotiation makes the... |
V-252587 | High | The IBM Aspera Faspex feature must be configured to use encryption services that implement NIST FIPS-validated cryptography to protect the confidentiality of remote access sessions. | Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
Remote access is access to DoD nonpublic information... |
V-252630 | High | The IBM Aspera High-Speed Transfer Server must be configured to use NIST FIPS-validated cryptography to protect the integrity of remote access sessions. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
Remote access is access to DoD-nonpublic information systems by an authorized user... |
V-252570 | High | The IBM Aspera Console must be configured to use NIST FIPS-validated cryptography to protect the integrity of file transfers. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
Remote access is access to DoD-nonpublic information systems by an authorized user... |
V-252604 | High | The IBM Aspera Shares feature must be configured to use encryption services that implement NIST FIPS-validated cryptography to protect the confidentiality of remote access sessions. | Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
Remote access is access to DoD nonpublic information... |
V-252607 | High | IBM Aspera Shares feature must be configured to use NIST FIPS-validated cryptography to protect the integrity of file transfers. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
Remote access is access to DoD-nonpublic information systems by an authorized user... |
V-252562 | High | The IBM Aspera Console feature must be configured to use encryption services that implement NIST FIPS-validated cryptography to protect the confidentiality of remote access sessions. | Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
Remote access is access to DoD nonpublic information... |
V-252613 | High | The IBM Aspera High-Speed Transfer Endpoint must be configured to comply with the required TLS settings in NIST SP 800-52. | SP 800-52 provides guidance on using the most secure version and configuration of the TLS/SSL protocol. Using older unauthorized versions or incorrectly configuring protocol negotiation makes the... |
V-252616 | High | The IBM Aspera High-Speed Transfer Endpoint must be configured to use NIST FIPS-validated cryptography to protect the integrity of remote access sessions. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
Remote access is access to DoD-nonpublic information systems by an authorized user... |
V-252590 | High | IBM Aspera Faspex must be configured to use NIST FIPS-validated cryptography to protect the integrity of file transfers. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
Remote access is access to DoD-nonpublic information systems by an authorized user... |
V-252626 | Medium | The IBM Aspera High-Speed Transfer Endpoint must prohibit the use of cached authenticators after an organization-defined time period. | If the cached authenticator information is out of date, the validity of the authentication information may be questionable.
This requirement applies to all ALGs that may cache user authenticators... |
V-252624 | Medium | The IBM Aspera High-Speed Transfer Endpoint must restrict users from using transfer services by default. | Successful authentication must not automatically give an entity access to an asset or security boundary. The lack of authorization-based access control could result in the immediate compromise and... |
V-252625 | Medium | The IBM Aspera High-Speed Transfer Endpoint must restrict users read, write, and browse permissions by default. | Successful authentication must not automatically give an entity access to an asset or security boundary. The lack of authorization-based access control could result in the immediate compromise and... |
V-252622 | Medium | The IBM Aspera High-Speed Transfer Endpoint must not store node content-protection secrets in plain text. | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252623 | Medium | The IBM Aspera High-Speed Transfer Endpoint must not store user content-protection secrets in plain text. | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252620 | Medium | The IBM Aspera High-Speed Transfer Endpoint must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | Network element management includes the ability to control the number of users and user sessions that utilize a network element. Limiting the number of current sessions per user is helpful in... |
V-252621 | Medium | The IBM Aspera High-Speed Transfer Endpoint must not store group content-protection secrets in plain text. | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252628 | Medium | The IBM Aspera High-Speed Transfer Server must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types); organizations must... |
V-252629 | Medium | The IBM Aspera High-Speed Transfer Server must be configured to protect the authenticity of communications sessions. | Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions.
This requirement focuses on communications... |
V-252583 | Medium | IBM Aspera Faspex must require password complexity features to be enabled. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in... |
V-252582 | Medium | IBM Aspera Faspex must prevent concurrent logins for all accounts. | Limiting the number of current sessions per user is helpful in limiting risks related to DoS attacks.
This requirement addresses concurrent sessions for information system accounts and does not... |
V-252581 | Medium | IBM Aspera Faspex must lock accounts after three unsuccessful login attempts within a 15-minute timeframe. | By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. |
V-252580 | Medium | IBM Aspera Faspex must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access. | For remote access to non-privileged accounts, the purpose of requiring a device that is separate from the information system gaining access for one of the factors during multifactor authentication... |
V-252586 | Medium | IBM Aspera Faspex user account passwords must have a 60-day maximum password lifetime restriction. | Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the Aspera system does not limit the lifetime of passwords and force users... |
V-252585 | Medium | IBM Aspera Faspex passwords must be prohibited from reuse for a minimum of five generations. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the... |
V-252584 | Medium | IBM Aspera Faspex must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users). | Lack of authentication enables anyone to gain access to the network or possibly a network element that provides opportunity for intruders to compromise resources within the network infrastructure.... |
V-252589 | Medium | IBM Aspera Faspex must be configured to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
Organizational... |
V-252588 | Medium | IBM Aspera Faspex must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types); organizations must... |
V-252556 | Medium | The IBM Aspera Platform must be configured to support centralized management and configuration. | Without the ability to centrally manage the content captured in the audit records, identification, troubleshooting, and correlation of suspicious behavior would be difficult and could lead to a... |
V-252557 | Medium | The IBM Aspera Platform must not have unnecessary services and functions enabled. | Information systems are capable of providing a wide variety of functions (capabilities or processes) and services. Some of these functions and services are installed and enabled by default. The... |
V-252558 | Medium | IBM Aspera Console must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access. | For remote access to non-privileged accounts, the purpose of requiring a device that is separate from the information system gaining access for one of the factors during multifactor authentication... |
V-252559 | Medium | The IBM Aspera Console must protect audit information from unauthorized read access. | Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack, recognize resource utilization or capacity... |
V-252639 | Medium | The IBM Aspera High-Speed Transfer Server must not store user content-protection secrets in plain text. | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252638 | Medium | The IBM Aspera High-Speed Transfer Server must not store node content-protection secrets in plain text. | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252631 | Medium | The IBM Aspera High-Speed Transfer Server must configure the SELinux context type to allow the "aspshell". | Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or... |
V-252633 | Medium | The IBM Aspera High-Speed Transfer Server must enable password protection of the node database. | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252632 | Medium | The IBM Aspera High-Speed Transfer Server must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR). | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252635 | Medium | The IBM Aspera High-Speed Transfer Server must have a master-key set to encrypt the dynamic token encryption key. | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252634 | Medium | The IBM Aspera High-Speed Transfer Server must enable the use of dynamic token encryption keys. | Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session.
The dynamic token encryption key is used for... |
V-252637 | Medium | The IBM Aspera High-Speed Transfer Server must not store group content-protection secrets in plain text. | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252636 | Medium | The IBM Aspera High-Speed Transfer Server must limit the number of concurrent sessions to an organization-defined number for all accounts and/or account types. | Network element management includes the ability to control the number of users and user sessions that utilize a network element. Limiting the number of current sessions per user is helpful in... |
V-252648 | Medium | The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must have a mode of 0600 or less permissive to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key... |
V-252649 | Medium | The IBM Aspera High-Speed Transfer Server must prohibit the use of cached authenticators after an organization-defined time period. | If the cached authenticator information is out of date, the validity of the authentication information may be questionable.
This requirement applies to all ALGs that may cache user authenticators... |
V-252644 | Medium | The IBM Aspera High-Speed Transfer Server must restrict users read, write, and browse permissions by default. | Successful authentication must not automatically give an entity access to an asset or security boundary. The lack of authorization-based access control could result in the immediate compromise and... |
V-252645 | Medium | The IBM Aspera High-Speed Transfer Server must set the default docroot to an empty folder. | By restricting the default document root for the Aspera HSTS, this allows for explicit access to be defined on a per user basis.
By default, all system users can establish a FASP connection and... |
V-252646 | Medium | The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must be group-owned by root to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key... |
V-252647 | Medium | The IBM Aspera High-Speed Transfer Server private/secret cryptographic keys file must be owned by root to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key... |
V-252640 | Medium | The IBM Aspera High-Speed Transfer Server must not use the root account for transfers. | By incorporating a least privilege approach to the configuration of the Aspera HSTS platform, this will reduce the exposure of privileged accounts.
By default, all system users can establish a... |
V-252641 | Medium | The IBM Aspera High-Speed Transfer Server must restrict Aspera transfer users to a limited part of the server's file system. | By restricting the transfer users to a limited part of the server's file system, this prevents unauthorized data transfers.
By default, all system users can establish a FASP connection and are... |
V-252642 | Medium | The IBM Aspera High-Speed Transfer Server must restrict the transfer user(s) to the "aspshell". | By default, all system users can establish a FASP connection and are only restricted by file permissions. Restrict the user's file operations by assigning them to use aspshell, which permits only... |
V-252643 | Medium | The IBM Aspera High-Speed Transfer Server must restrict users from using transfer services by default. | Successful authentication must not automatically give an entity access to an asset or security boundary. The lack of authorization-based access control could result in the immediate compromise and... |
V-252579 | Medium | IBM Aspera Faspex must disable account identifiers after 35 days of inactivity. | Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive... |
V-252572 | Medium | The IBM Aspera Console private/secret cryptographic keys file must be owned by root to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. |
V-252573 | Medium | The IBM Aspera Console private/secret cryptographic keys file must have a mode of 0600 or less permissive to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. |
V-252571 | Medium | The IBM Aspera Console private/secret cryptographic keys file must be group-owned by root to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. |
V-252576 | Medium | The IBM Aspera Faspex private/secret cryptographic keys file must have a mode of 0600 or less permissive to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. |
V-252577 | Medium | IBM Aspera Faspex must allow the use of a temporary password for logins with an immediate change to a permanent password. | Without providing this capability, an account may be created without a password. Non-repudiation cannot be guaranteed once an account is created if a user is not forced to change the temporary... |
V-252574 | Medium | The IBM Aspera Console feature audit tools must be protected from unauthorized modification or deletion. | Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on... |
V-252575 | Medium | IBM Aspera Faspex interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions. | Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port... |
V-252600 | Medium | IBM Aspera Shares must lock accounts after three unsuccessful login attempts within a 15-minute timeframe. | By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. |
V-252601 | Medium | IBM Aspera Shares must require password complexity features to be enabled. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in... |
V-252602 | Medium | IBM Aspera Shares must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users). | Lack of authentication enables anyone to gain access to the network or possibly a network element that provides opportunity for intruders to compromise resources within the network infrastructure.... |
V-252603 | Medium | IBM Aspera Shares user account passwords must have a 60-day maximum password lifetime restriction. | Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the Aspera system does not limit the lifetime of passwords and force users... |
V-252605 | Medium | IBM Aspera Shares must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types); organizations must... |
V-252606 | Medium | IBM Aspera Shares must be configured to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
Organizational... |
V-252608 | Medium | IBM Aspera Shares must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
Remote access is access to DoD-nonpublic information systems by an authorized user... |
V-252609 | Medium | IBM Aspera Shares must protect audit information from unauthorized deletion. | If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of... |
V-252569 | Medium | The IBM Aspera Console must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types); organizations must... |
V-252568 | Medium | IBM Aspera Console user account passwords must have a 60-day maximum password lifetime restriction. | Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the Aspera system does not limit the lifetime of passwords and force users... |
V-252565 | Medium | IBM Aspera Console must lock accounts after three unsuccessful login attempts within a 15-minute timeframe. | By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. |
V-252564 | Medium | IBM Aspera Console must enforce password complexity by requiring at least fifteen characters, with at least one upper case letter, one lower case letter, one number, and one symbol. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in... |
V-252567 | Medium | IBM Aspera Console passwords must be prohibited from reuse for a minimum of five generations. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the... |
V-252566 | Medium | IBM Aspera Console must prevent concurrent logins for all accounts. | Limiting the number of current sessions per user is helpful in limiting risks related to DoS attacks.
This requirement addresses concurrent sessions for information system accounts and does not... |
V-252561 | Medium | IBM Aspera Console must be configured with a preestablished trust relationship and mechanisms with appropriate authorities (e.g., Active Directory or AAA server) which validate user account access authorizations and privileges. | User account and privilege validation must be centralized in order to prevent unauthorized access using changed or revoked privileges.
IBM Aspera Console must use an IdP for authentication for... |
V-252560 | Medium | The IBM Aspera Console must protect audit tools from unauthorized access. | Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on... |
V-252563 | Medium | IBM Aspera Console interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions. | Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port... |
V-252612 | Medium | The IBM Aspera Shares private/secret cryptographic keys file must have a mode of 0400 or less permissive to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. |
V-252611 | Medium | The IBM Aspera Shares private/secret cryptographic keys file must be owned by nobody to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. |
V-252610 | Medium | The IBM Aspera Shares private/secret cryptographic keys file must be group-owned by nobody to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. |
V-252617 | Medium | The IBM Aspera High-Speed Transfer Endpoint must enable content protection for each transfer user by encrypting passphrases used for server-side encryption at rest (SSEAR). | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252615 | Medium | The IBM Aspera High-Speed Transfer Endpoint must be configured to protect the authenticity of communications sessions. | Authenticity protection provides protection against man-in-the-middle attacks/session hijacking and the insertion of false information into sessions.
This requirement focuses on communications... |
V-252614 | Medium | The IBM Aspera High-Speed Transfer Endpoint must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types); organizations must... |
V-252619 | Medium | The IBM Aspera High-Speed Transfer Endpoint must have a master-key set to encrypt the dynamic token encryption key. | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252618 | Medium | The IBM Aspera High-Speed Transfer Endpoint must enable password protection of the node database. | Configuring the network element to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security... |
V-252591 | Medium | IBM Aspera Faspex must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection. | Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
Remote access is access to DoD-nonpublic information systems by an authorized user... |
V-252592 | Medium | IBM Aspera Faspex must protect audit information from unauthorized modification. | If audit data were to become compromised, then forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve.
To ensure the veracity of... |
V-252593 | Medium | The IBM Aspera Faspex private/secret cryptographic keys file must be group-owned by faspex to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. |
V-252594 | Medium | The IBM Aspera Faspex private/secret cryptographic keys file must be owned by faspex to prevent unauthorized read access. | Private key data is used to prove that the entity presenting a public key certificate is the certificate's rightful owner. Compromise of private key data allows an adversary to impersonate the key holder. |
V-252595 | Medium | The IBM Aspera Faspex Server must restrict users from using transfer services by default. | Successful authentication must not automatically give an entity access to an asset or security boundary. The lack of authorization-based access control could result in the immediate compromise and... |
V-252596 | Medium | The IBM Aspera Faspex Server must restrict users read, write, and browse permissions by default. | Successful authentication must not automatically give an entity access to an asset or security boundary. The lack of authorization-based access control could result in the immediate compromise and... |
V-252597 | Medium | The IBM Aspera Shares interactive session must be terminated after 10 minutes of inactivity for non-privileged and privileged sessions. | Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port... |
V-252599 | Medium | IBM Aspera Shares must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access. | For remote access to non-privileged accounts, the purpose of requiring a device that is separate from the information system gaining access for one of the factors during multifactor authentication... |
V-252578 | Low | IBM Aspera Faspex must be configured to display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system. | Display of a standardized and approved use notification before granting access to the network ensures privacy and security notification verbiage used is consistent with applicable federal laws,... |
V-252598 | Low | IBM Aspera Shares must be configured to display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system. | Display of a standardized and approved use notification before granting access to the publicly accessible network element ensures privacy and security notification verbiage used is consistent with... |