Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19150 | SRC-EPT-080 | SV-20963r1_rule | Medium |
Description |
---|
If the client is incapable of employing critical security protections then allowing access to that devices could expose the network to potentially significant risk. |
STIG | Date |
---|---|
Remote Access Policy STIG | 2016-03-28 |
Check Text ( C-22785r1_chk ) |
---|
Interview the IAO. Ask if devices are permitted either through Service Level Agreements or DoD-owned which do not have anti-virus, firewall, or cannot be configured to meet DoD requirements. If such devices are permitted, this is a finding. |
Fix Text (F-19701r1_fix) |
---|
Ensure the DAA and system administrator have a policy that devices must contain anti-virus and firewall software which are compliant with DoD requirements of the Desktop STIG. |