UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Ensure a remote access security policy manager is used to manage the security policy on devices used for remote network connection or remote access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18590 SRC-RAP-070 SV-20136r1_rule Medium
Description
A centralized policy manager provides a consistent security policy, particularly in environments with multiple remote access devices such as multiple VPNs or RAS devices. This is a best practice for centralized management in networks with multiple remote access gateways or products. Use a single remote access policy server or configure a centralized access server which serves this purpose.
STIG Date
Remote Access Policy STIG 2016-03-28

Details

Check Text ( C-22224r1_chk )
Review the configuration of the remote access device (RAS/VPN).

Verify the remote access policy is the primary means for configuring access control for user access. The centralized remote access policy should apply to all remote access devices so that there is a consistent security policy. Remote access portals and network extension are also handled in this access control policy.

NOTE: Portal configuration and network extension configuration is handled in the access control policy.
Fix Text (F-19223r1_fix)
Implement a centralized remote access policy for configuring and controlling access for remote users.