
Ensure remote endpoints that are owned, controlled, and/or managed by DoD for processing or accessing DoD sensitive, non-public assets comply with the requirements.


Overview

Finding ID: V-19140
Version: SRC-EPT-050
Rule ID: SV-20953r1_rule
IA Controls:
Severity: Medium
Description
Unmanaged endpoints must be configured according to the organization's security policy and standards before these devices can be allowed access to even the most non-sensitive areas of the network, such as the DMZ. Unmanaged endpoints will never be allowed to traverse or access the protected inner enclave, regardless of configuration.
STIG Date
Remote Access Policy STIG 2016-03-28

Details

Check Text (C-22760r1_chk)
Inspect a copy of the site’s remote user agreement and Service Level Agreements. Verify that one of these documents includes the following requirements:

– Are approved by the DAA;
– Use devices that are capable of complying with applicable STIG requirements to the greatest extent possible (i.e., comply with all CAT 1 requirements applicable to the OS and other technology used);
1. The owner signs forfeiture agreement in case of a security incident;
2. The security policy on the device is actively scanned prior to allowing access to the DoD Enclave by the IAO; and
3. Full access to the DoD internal protected enclave is not permitted. Access will be restricted to a limited access subnet.
Fix Text (F-19691r1_fix)
If unmanaged endpoints are used, ensure the required documentation and agreements are completed in compliance with this requirement.