Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16850 | APP6270 | SV-17850r1_rule | EBPW-1 | Medium |
Description |
---|
In order to protect DoD data and systems, all remote access to DoD information systems must be mediated through a managed access control point, such as a remote access server in a DMZ. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-12-22 |
Check Text ( C-17866r1_chk ) |
---|
Interview the application representative and determine if the application is publicly accessible. 1) If the application is publicly accessible and traffic is not being routed through a DMZ, it is a finding. |
Fix Text (F-17172r1_fix) |
---|
Setup DMZ between DoD and public networks. |