Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-21799 | SRC-EPT-055 | SV-24380r1_rule | ECSC-1 | Medium |
Description |
---|
There may be hardware or keyboard capture software which could monitor computer usage and keystrokes. Also, these computers may contain virus' and other malicious code which may infect DoD systems being accessed. This policy is in accordance with Directive-Type Memorandum (DTM) 08-027, 31 July 2009, Security of Unclassified DoD Information on Non-DoD Information Systems. |
STIG | Date |
---|---|
Remote Access Policy STIG | 2015-09-16 |
Check Text ( C-26068r1_chk ) |
---|
Verify the users are trained not to use public computers or kiosks to process government sensitive information. This may be placed in the User Agreement or the site's training materials. |
Fix Text (F-22583r1_fix) |
---|
Ensure users do not use public computers and kiosks to process, store, or transmit sensitive information without approal of the data owner. |