Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19383 | SRC-VPN-070 | SV-21300r1_rule | ECSC-1 | Low |
Description |
---|
Remote endpoint devices requesting TLS portal access will either be disconnected or given limited access as designated by the DAA and system owner if the device fails the authentication or security assessment. |
STIG | Date |
---|---|
Remote Access Policy STIG | 2015-09-16 |
Check Text ( C-23375r1_chk ) |
---|
Verification will depend on the method used by the site to automate this functionality. Verify that end point failing to pass minimum and requried security configuration checks are not given full access to DoD non-public information with DAA approval. NOTE: The user will be presented with a limited portal which does not include access options for sensitive resources. (Required security checks will be identified and approved by the DAA or designated representative). |
Fix Text (F-19955r1_fix) |
---|
Ensure end point failing to pass minimum and required security configuration checks are not given full access to DoD non-public information with DAA approval. |