For networks which do not allow unmanaged devices, remote endpoints that fail the device authentication check will not proceed with the policy assessment checks (authorization checks) and remote access will be denied.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18852 | SRC-NAC-210 | SV-20617r1_rule | Medium |
| Description |
|---|
| Devices that fail authentication are not permitted on the network. These devices may contain malware or content which is harmful to the enclave. |
| STIG | Date |
|---|---|
| Remote Access Policy STIG | 2016-03-28 |
Details
| Check Text ( C-22632r1_chk ) |
|---|
| Verify by examining the configuration of the policy assessment or enforcement server (e.g., NAC appliance). Examine the actions taken when the endpoint fails authentication comply with the requirement. |
| Fix Text (F-20528r1_fix) |
|---|
| Where unmanaged devices are not allowed access, the IAO will ensure that remote endpoints that fail the device authentication the remote access request will be terminated. |