UCF STIG Viewer Logo

Ensure the use a vendor-supported version of the remote access server, remote access policy server, NAC appliance, VPN, and/or communications server software.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18535 SRC-RAP-080 SV-20078r1_rule Medium
Description
Unsupported versions will lack security enhancements as well as support provided by the vendors to address vulnerabilities. The system administrator must monitor IAVM, OS, or OEM patch or vulnerability notices for the remote access, VPN, or communications appliance(s). Patches, upgrades, and configuration changes should be tested to the greatest extent possible prior to installation. The vendor may be consulted to determine if the specific device is vulnerable. If the vendor does not recommend installing a patch or upgrade, and has stated that the device is not vulnerable, the administrator will retain this documentation.
STIG Date
Remote Access Policy STIG 2016-03-28

Details

Check Text ( C-21324r1_chk )
Verify remote access gateway release and maintenance level. Research the vendor's vulnerability list and current version/revision. This can be obtained on the vendor's support page of their website.
Fix Text (F-19140r1_fix)
When the system administator is notified that previously installed versions of the remote access device, the version will be tested and installed as soon as the mission permits. However, previous version with security vulnerabilities must be documented in a Plan of Action and Milestones (POAM).