Regardless of the type of endpoint used, the communication between the policy enforcement device (e.g., NAC appliance) and the agent must be protected by encryption (e.g., SSL/TLS over HTTP, EAP-TLS, EAP over PPP).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18841 | SRC-NAC-130 | SV-20594r1_rule | Low |
| Description |
|---|
| Communications between the remote client and the system which makes the decision to allow or terminate access to the network is privileged traffic. Privileged communication should be separated and/or encrypted. |
| STIG | Date |
|---|---|
| Remote Access Policy STIG | 2016-03-28 |
Details
| Check Text ( C-22598r1_chk ) |
|---|
| Verify compliance by checking the configuration of the policy assessment server or other component which communicates with the HBSS client on the endpoint devices. Verify that communications are set for encrypted access. |
| Fix Text (F-19516r1_fix) |
|---|
| Ensure that the communication between the endpoint agent and the policy enforcement device is encrypted. |