UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Remote/telework endpoints not capable (e.g., lacks enough memory or resources) of meeting the compliance requirements for anti-virus, firewall, and web browser configuration will not be permitted access to the DoD network.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19150 SRC-EPT-080 SV-20963r1_rule ECSC-1 Medium
Description
If the client is incapable of employing critical security protections then allowing access to that devices could expose the network to potentially significant risk.
STIG Date
Remote Access Policy STIG 2015-09-16

Details

Check Text ( C-22785r1_chk )
Interview the IAO. Ask if devices are permitted either through Service Level Agreements or DoD-owned which do not have anti-virus, firewall, or cannot be configured to meet DoD requirements.

If such devices are permitted, this is a finding.
Fix Text (F-19701r1_fix)
Ensure the DAA and system administrator have a policy that devices must contain anti-virus and firewall software which are compliant with DoD requirements of the Desktop STIG.