Ensure an NSA certified remote access security solution (e.g., HARA) is used for remote access to a classified network and will only be used from an approved location.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19151 | SRC-EPT-030 | SV-20964r1_rule | High |
| Description |
|---|
| Use of improperly configured or lower assurance equipment and solutions could compromise high value information. |
| STIG | Date |
|---|---|
| Remote Access Policy STIG | 2016-03-28 |
Details
| Check Text ( C-22786r1_chk ) |
|---|
| Verify use of NSA certified equipment and architecture by asking the site representative to demonstrate the products and encryption used. Verify compliance with the following requirements: – The solution is used in accordance with all NSA and DOD policy and guidelines. – The solution will use a High Assurance (Type 1) Link Encryptor to provide high assurance link protection (confidentiality, integrity, and authentication), using NSA-certified cryptographic components, between the remote user and DOD enclaves or other computing environments. A High Assurance (Type 1) Media Encryptor to provide high assurance protection (confidentiality and integrity), using NSA-certified cryptographic components, to a remote user’s hard-drive and removable media. – The NSA Type 1 link encryption device is kept in the user’s possession at all times or stored in accordance with policy applicable to classified storage. – The NSA Type 1 link encryption device is stored separately from the computer when not in use. |
| Fix Text (F-19702r1_fix) |
|---|
| Ensure use of compliant architechture and equipment. |