Endpoints accessing the remediation server will not have access to other network resources that are not part of the remediation process.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18853 | SRC-NAC-220 | SV-20618r1_rule | Medium |
| Description |
|---|
| This type of access could permit an unauthorized endpoint onto the network. Depending on the critical nature of the authorization failure (e.g., virus detected) this type of access could place the enclave at risk. |
| STIG | Date |
|---|---|
| Remote Access Policy STIG | 2016-03-28 |
Details
| Check Text ( C-22634r1_chk ) |
|---|
| Verify compliance by interviewing the NSO. The configuration of the policy enforcement device should also be examined. There are several ways to achieve compliance. In each case, the endpoint should not receive an IP address that can be used on the trusted side of the network. A DMZ, VLAN, or direct host-host communications may be used. |
| Fix Text (F-19547r1_fix) |
|---|
| Ensure that endpoints accessing the remediation server will not have access to other network resources that are not part of the remediation process. |