Remote/telework endpoints not capable (e.g., lacks enough memory or resources) of meeting the compliance requirements for anti-virus, firewall, and web browser configuration will not be permitted access to the DoD network.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19150 | SRC-EPT-080 | SV-20963r1_rule | Medium |
| Description |
|---|
| If the client is incapable of employing critical security protections then allowing access to that devices could expose the network to potentially significant risk. |
| STIG | Date |
|---|---|
| Remote Access Policy STIG | 2016-03-28 |
Details
| Check Text ( C-22785r1_chk ) |
|---|
| Interview the IAO. Ask if devices are permitted either through Service Level Agreements or DoD-owned which do not have anti-virus, firewall, or cannot be configured to meet DoD requirements. If such devices are permitted, this is a finding. |
| Fix Text (F-19701r1_fix) |
|---|
| Ensure the DAA and system administrator have a policy that devices must contain anti-virus and firewall software which are compliant with DoD requirements of the Desktop STIG. |