Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18535 | SRC-RAP-080 | SV-20078r1_rule | ECSC-1 VIVM-1 | Medium |
Description |
---|
Unsupported versions will lack security enhancements as well as support provided by the vendors to address vulnerabilities. The system administrator must monitor IAVM, OS, or OEM patch or vulnerability notices for the remote access, VPN, or communications appliance(s). Patches, upgrades, and configuration changes should be tested to the greatest extent possible prior to installation. The vendor may be consulted to determine if the specific device is vulnerable. If the vendor does not recommend installing a patch or upgrade, and has stated that the device is not vulnerable, the administrator will retain this documentation. |
STIG | Date |
---|---|
Remote Access Policy STIG | 2015-09-16 |
Check Text (C-21324r1_chk) |
---|
Verify remote access gateway release and maintenance level. Research the vendor's vulnerability list and current version/revision. This can be obtained on the vendor's support page of their website. |
Fix Text (F-19140r1_fix) |
---|
When the system administrator is notified that previously installed versions of the remote access device, the version will be tested and installed as soon as the mission permits. However, previous versions with security vulnerabilities must be documented in a Plan of Action and Milestones (POAM). |