UCF STIG Viewer Logo

Applications providing remote connectivity must prevent remote devices that have established a non-remote connection with the system from communicating outside of the communications path with resources in external networks.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32561 SRG-APP-000257-DB-NA SV-42898r1_rule Medium
Description
This control enhancement is implemented within the remote device (e.g., notebook/laptop computer) via configuration settings that are not configurable by the user of that device. An example of a non-remote communications path from a remote device is a virtual private network. When a non-remote connection is established using a virtual private network, the configuration settings prevent split-tunneling. Split-tunneling might otherwise be used by remote users to communicate with the information system as an extension of that system and to communicate with local resources such as, a printer or file server. Since the remote device, when connected by a non-remote connection, becomes an extension of the information system, allowing dual communications paths such as split-tunneling would be, in effect, allowing unauthorized external connections into the system. This requirement is specific to applications that configure or manage split tunneling. This requirement is NA for databases.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-41000r1_chk )
This check is NA for databases.
Fix Text (F-36476r1_fix)
This fix is NA for databases.