Ensure remote endpoint policy assessment proceeds only after the endpoint attempting remote access has been identified using an approved method such as 802.1x or EAP tunneled within PPP.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18750 | SRC-NAC-020 | SV-20438r1_rule | Low |
| Description |
|---|
| Trusted computing shoud require authentication and authorization of both the user's identity and the identity of the computing device. It is possible that an authorized user may be accessing the network remotely from a computer that does not meet DoD standards. This may compromise user information, particularly before or after a VPN tunnel is established. |
| STIG | Date |
|---|---|
| Remote Access Policy STIG | 2016-03-28 |
Details
| Check Text ( C-22471r1_chk ) |
|---|
| Verify that access filters are set to perform device authentication before policy assessment is perfomed. Verify that an approved method for device authentication is used (i.e., 802.1x or EAP tunnelled within PPP (for dial-up). |
| Fix Text (F-19402r1_fix) |
|---|
| The IAO will ensure that the end point attempting remote access are valid before proceeding with security assessment or remediation activities. |