Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19139 | SRC-EPT-040 | SV-20952r1_rule | | Low |
Description |
---|
Lack of user training and understanding of responsibilities to safeguard wireless technology is a significant vulnerability to the enclave. Once policies are established, users must be trained to meet these requirements or the risk to the network remains. User agreements are particularly important for mobile and remote users since there is a high risk of loss, theft, or compromise. A signed agreement is therefore a good practice that helps the site confirm the user is aware of the risks and proper procedures. |
STIG | Date |
---|---|
Remote Access Policy STIG | 2016-03-28 |
Check Text ( C-22759r1_chk ) |
---|
Inspect a copy of the site’s user agreement. Verify the user agreement is signed by the remote users and has the minimum elements as follows:

- The agreement will contain the type of access required by the user (i.e., privileged, end-user, remote access, wireless access, mobile access).
- The agreement will contain the responsibilities, liabilities, and security measures (e.g., malicious code detection training) involved in the use of the remote access device.
- Incident handling and reporting procedures are identified along with a designated point of contact.
- The policy will contain general security requirements and practices and will be signed by the remote user.
- If classified devices are used for remote access from an alternative work site, the remote user will adhere to DoD policy with regard to facility clearances, protection, storage, distributing, etc.
- Government-owned hardware and software is used for official duty only. The employee is the only individual authorized to use this equipment.

If site user agreements do not exist or are not compliant with the minimum requirements, this is a finding.
Fix Text (F-19690r1_fix) |
---|
Develop documentation as required. |