Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-222671 | APSC-DV-003350 | SV-222671r879887_rule | Medium |
Description |
---|
In order to protect DoD data and systems, all remote access to DoD information systems must be mediated through a managed access control point, such as a remote access server in a DMZ. |
STIG | Date |
---|---|
Application Security and Development Security Technical Implementation Guide | 2023-06-08 |
Check Text ( C-24341r493921_chk ) |
---|
Interview the application representative and determine if the application is publicly accessible. If the application is publicly accessible and traffic is not being routed through a DMZ, this is a finding. |
Fix Text (F-24330r493922_fix) |
---|
Setup a DMZ between DoD and public networks. |