UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Where automated remediation is used for remote access clients, traffic separation will be implemented and authorized and unauthorized network traffic use separate security domains (e.g., Virtual Local Area Networks (VLANs)).


Overview

Finding ID Version Rule ID IA Controls Severity
V-18846 SRC-NAC-180 SV-20599r1_rule Low
Description
A device can pass authentication by presenting valid credentials. However, in a properly configured automated admission access control solution, the device must also be compliant with security policy. When this technology is used, policy compliance and remediation is performed before the device is allowed unto the trusted network. If the device does not pass the security policy compliance inspection, then it may contain malicious code which may endanger the network. After the device has been authenticated, it can be logically moved into a new VLAN and given access to the trusted network depending on user authorization. NOTE: This policy does not mandate automated remediation.
STIG Date
Remote Access Policy STIG 2016-03-28

Details

Check Text ( C-22603r1_chk )
Verify that remediation server is configured as follows:

– Will be separated from the policy assessment server on a separate subnet;
– Will be separated from the internal protected enclave by a separate subnet;
– The subnet configuration will comply with the requirement of the Network Infrastructure STIG;
– Will incorporate and leverage use of DoD remediation tools when available; and
– Will comply with the requirements of the applicable operating system STIG.
Fix Text (F-19521r1_fix)
Ensure remediation server is configured as requrired, at a minimum.