Ensure that for unmanaged client endpoints, the system must automatically scan the device once it has connected to the physical network but before giving access to the trusted internal LAN.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-18837	SRC-NAC-090	SV-20590r1_rule	ECSC-1	Medium

Description
Unmanaged devices that are not controlled or configured by DoD should not be used on the network. Contractor and partner equipment must also comply with DoD endpoint configuration requirements and kept updated. Automated assessment will allow these devices to be used safely while minimizing risk to the Enclave.

STIG	Date
Remote Access Policy STIG	2015-09-16

Details

Check Text ( C-22572r1_chk )
Verify compliance by checking the filter and configuration of the access control service/solution. Note: For unmanaged devices, only devices that have passed the scan will be admitted for full access. Remediation may not be possible since this often requires administrative access and the user should not have this access on his client PC. However, the device must be manually remediation by the owning entity and then re-assessed prior to allowing access.

Check Text ( C-22572r1_chk )

Verify compliance by checking the filter and configuration of the access control service/solution.

Note: For unmanaged devices, only devices that have passed the scan will be admitted for full access. Remediation may not be possible since this often requires administrative access and the user should not have this access on his client PC. However, the device must be manually remediation by the owning entity and then re-assessed prior to allowing access.

Fix Text (F-19509r1_fix)
Ensure that for endpoints that are not inspected and controlled by the site, the access control system/solution performs automated assessment.