Develop a computer security checklist to be completed and signed by the remote user. This checklist will inform and remind the user of the potential security risks inherent with remote access methods.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-19142	SRC-EPT-060	SV-20955r1_rule	ECSC-1	Low

Description
Lack of user training and understanding of responsibilities to safeguard the network are a significant vulnerability to the enclave. Once policies are established, users must be trained to these requirements or the risk to the network remains.

STIG	Date
Remote Access Policy STIG	2015-09-16

Details

Check Text ( C-22762r1_chk )
Inspect a copy of the site’s security checklist, if available. This checklist may be incorporated into the user agreement or the user training. The checklist is different from the user agreement in that it incorporates all of the user's security responsibilities concerning remote computing and network security in general. Verify that documentation exists to show that users are required to read and sign this checklist or training material.

Check Text ( C-22762r1_chk )

Inspect a copy of the site’s security checklist, if available. This checklist may be incorporated into the user agreement or the user training. The checklist is different from the user agreement in that it incorporates all of the user's security responsibilities concerning remote computing and network security in general. Verify that documentation exists to show that users are required to read and sign this checklist or training material.

Fix Text (F-19693r1_fix)
Ensure a checklist or detailed user training is used to inform the users of their security responsibilities.