UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Configure the devices and servers in the network access control solution (e.g., NAC, assessment server, policy decision point) so they do not communicate with other network devices in the DMZ or subnet except as needed to perform a remote access client assessment or to identify itself.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18835 SRC-NAC-060 SV-20588r1_rule Medium
Description
Since the network access control devices and servers should have no legitimate reason for communicating with other devices outside of the assessment solution, any direct communication with unrelated hosts would be suspect traffic.
STIG Date
Remote Access Policy STIG 2016-03-28

Details

Check Text ( C-22570r1_chk )
Verify that the policy assessment device is not allowed to communicate with other hosts in the DMZ that do not perform security policy assement or remediation services.
Fix Text (F-19507r1_fix)
Ensure that the policy assessment appliance or service is not allowed to communicate with unrelated host in the DMZ.