Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19151 | SRC-EPT-030 | SV-20964r1_rule | High |
Description |
---|
Use of improperly configured or lower assurance equipment and solutions could compromise high value information. |
STIG | Date |
---|---|
Remote Access Policy STIG | 2016-03-28 |
Check Text ( C-22786r1_chk ) |
---|
Verify use of NSA certified equipment and architecture by asking the site representative to demonstrate the products and encryption used. Verify compliance with the following requirements: – The solution is used in accordance with all NSA and DOD policy and guidelines. – The solution will use a High Assurance (Type 1) Link Encryptor to provide high assurance link protection (confidentiality, integrity, and authentication), using NSA-certified cryptographic components, between the remote user and DOD enclaves or other computing environments. A High Assurance (Type 1) Media Encryptor to provide high assurance protection (confidentiality and integrity), using NSA-certified cryptographic components, to a remote user’s hard-drive and removable media. – The NSA Type 1 link encryption device is kept in the user’s possession at all times or stored in accordance with policy applicable to classified storage. – The NSA Type 1 link encryption device is stored separately from the computer when not in use. |
Fix Text (F-19702r1_fix) |
---|
Ensure use of compliant architechture and equipment. |