Remote/telework endpoints not capable (e.g., lacks enough memory or resources) of meeting the compliance requirements for anti-virus, firewall, and web browser configuration will not be permitted access to the DoD network.

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Remote/telework endpoints not capable (e.g., lacks enough memory or resources) of meeting the compliance requirements for anti-virus, firewall, and web browser configuration will not be permitted access to the DoD network.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-19150	SRC-EPT-080	SV-20963r1_rule	ECSC-1	Medium

Description
If the client is incapable of employing critical security protections then allowing access to that devices could expose the network to potentially significant risk.

STIG	Date
Remote Access Policy STIG	2015-09-16

Details

Check Text ( C-22785r1_chk )
Interview the IAO. Ask if devices are permitted either through Service Level Agreements or DoD-owned which do not have anti-virus, firewall, or cannot be configured to meet DoD requirements. If such devices are permitted, this is a finding.

Fix Text (F-19701r1_fix)
Ensure the DAA and system administrator have a policy that devices must contain anti-virus and firewall software which are compliant with DoD requirements of the Desktop STIG.