Configure the devices and servers in the network access control solution (e.g., NAC, assessment server, policy decision point) so they do not communicate with other network devices in the DMZ or subnet except as needed to perform a remote access client assessment or to identify itself.

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Configure the devices and servers in the network access control solution (e.g., NAC, assessment server, policy decision point) so they do not communicate with other network devices in the DMZ or subnet except as needed to perform a remote access client assessment or to identify itself.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18835	SRC-NAC-060	SV-20588r1_rule	ECSC-1	Medium

Description
Since the network access control devices and servers should have no legitimate reason for communicating with other devices outside of the assessment solution, any direct communication with unrelated hosts would be suspect traffic.

STIG	Date
Remote Access Policy STIG	2015-09-16

Details

Check Text ( C-22570r1_chk )
Verify that the policy assessment device is not allowed to communicate with other hosts in the DMZ that do not perform security policy assement or remediation services.

Fix Text (F-19507r1_fix)
Ensure that the policy assessment appliance or service is not allowed to communicate with unrelated host in the DMZ.