UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Ensure remote access for privileged tasks such as network devices, host, or application administration is compliant.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19834 SRC-RAP-050 SV-21997r1_rule ECSC-1 High
Description
If remote access is used to connect to a network or host for privileged access, stringent security controls will be implemented. AAA network security services provide the primary framework through which a network administrator can set up access control and authorization on network points of entry or network access servers It is not advisable to configure access control on the VPN gateway or remote access server. Separation of services provides added assurance to the network if the access control server is compromised.
STIG Date
Remote Access Policy STIG 2015-09-16

Details

Check Text ( C-22223r1_chk )
View the configuration of the the RAS and/or remote VPN gateway. Verify that a AAA (authentication) server is required for privileged access to the remote access device by reviewing the authentication screen.

Verify that the configuration requires the following:
1. Multi-factor authentication (e.g., PKI, SecureID, or DoD Alternate Token) using a AAA server;
2. Identification and personal authentication uses individually assigned accounts rather than group or shared accounts or authenticators; and
3. . Encryption using FIPS 140-2 compliant algorithms and encryption modules - (e.g., AES).

Also verify that a network review has been performed using the Network Infrastructure STIG and the architecture
complies with the In- and Out-of-band requirements of the appropriate Network Infrastructure STIG.
Fix Text (F-20517r1_fix)
The remote access administrator will configure the remote access or VPN server to use the TACACS+, Radius or Diameter server for administrative access.