
Ensure that when TLS VPN is used, endpoints that fail “required” critical endpoint security checks will receive either no access or only limited access.


Overview

Finding ID: V-19383
Version: SRC-VPN-070
Rule ID: SV-21300r1_rule
IA Controls: ECSC-1
Severity: Low
Description
Remote endpoint devices requesting TLS portal access will either be disconnected or given limited access as designated by the DAA and system owner if the device fails the authentication or security assessment.
STIG: Remote Access Policy STIG
Date: 2016-03-28

Details

Check Text (C-23375r1_chk)
Verification will depend on the method used by the site to automate this functionality. Verify that endpoints failing to pass minimum and required security configuration checks are not given full access to DoD non-public information with DAA approval.

NOTE: The user will be presented with a limited portal which does not include access options for sensitive resources. (Required security checks will be identified and approved by the DAA or designated representative.)
Fix Text (F-19955r1_fix)
Ensure endpoints failing to pass minimum and required security configuration checks are not given full access to DoD non-public information with DAA approval.