
EBRP-1 Remote Access for Privileged Functions


Remote access for privileged functions is discouraged, is permitted only for compelling operational needs, and is strictly controlled. In addition to EBRU-1, sessions employ security measures such as a VPN with blocking mode enabled. A complete audit trail of each remote session is recorded, and the IAM/IAO reviews the log for every remote session.

MAC / CONF Impact Subject Area
High Enclave Boundary Defense


Remote access for privileged functions is especially dangerous due to the transmission of administrator usernames and passwords over non-DoD media and devices. Compromised privileged credentials can lead to network denial of service and unauthorized use of sensitive DoD information. Proper security precautions such as correct use of VPN and auditing minimize the risk of network compromise and attack.

1. If needed for a compelling operational need, remote access for privileged functions shall be used only with VPN.
2. Auditing of each remote VPN session shall be enabled.
3. The IAM/IAO shall review the audit log for every remote session.
4. Refer to DoD or other applicable guidance for proper connection requirements and procedures.


  • CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
  • DISA Network Infrastructure STIG, Version 6 Draft, 29 October 2004
  • DISA Secure Remote Computing STIG, Version 1, Release 1, 14 February 2003
  • DISA Enclave Security STIG, Version 2, Release 1, 01 July 2004