
Ensure that for unmanaged client endpoints, the system must automatically scan the device once it has connected to the physical network but before giving access to the trusted internal LAN.


Overview

Finding ID: V-18837
Version: SRC-NAC-090
Rule ID: SV-20590r1_rule
IA Controls:
Severity: Medium
Description
Unmanaged devices that are not controlled or configured by DoD should not be used on the network. Contractor and partner equipment must also comply with DoD endpoint configuration requirements and be kept updated. Automated assessment will allow these devices to be used safely while minimizing risk to the Enclave.
STIG: Remote Access Policy STIG
Date: 2016-03-28

Details

Check Text (C-22572r1_chk)
Verify compliance by checking the filter and configuration of the access control service/solution.

Note: For unmanaged devices, only devices that have passed the scan will be admitted for full access. Remediation may not be possible, since this often requires administrative access and the user should not have this access on his client PC. However, the device must be manually remediated by the owning entity and then re-assessed prior to allowing access.
Fix Text (F-19509r1_fix)
Ensure that for endpoints that are not inspected and controlled by the site, the access control system/solution performs automated assessment.