UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Ensure that for unmanaged client endpoints, the system must automatically scan the device once it has connected to the physical network but before giving access to the trusted internal LAN.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18837 SRC-NAC-090 SV-20590r1_rule Medium
Description
Unmanaged devices that are not controlled or configured by DoD should not be used on the network. Contractor and partner equipment must also comply with DoD endpoint configuration requirements and kept updated. Automated assessment will allow these devices to be used safely while minimizing risk to the Enclave.
STIG Date
Remote Access Policy STIG 2016-03-28

Details

Check Text ( C-22572r1_chk )
Verify compliance by checking the filter and configuration of the access control service/solution.

Note: For unmanaged devices, only devices that have passed the scan will be admitted for full access. Remediation may not be possible since this often requires administrative access and the user should not have this access on his client PC. However, the device must be manually remediation by the owning entity and then re-assessed prior to allowing access.
Fix Text (F-19509r1_fix)
Ensure that for endpoints that are not inspected and controlled by the site, the access control system/solution performs automated assessment.