The network element must route all remote access traffic through managed access control points.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000064-RTR-NA	SRG-NET-000064-RTR-NA	SRG-NET-000064-RTR-NA_rule		Medium

Description
Remote access services enable users outside of the enclave to have access to data and services within the private network. In many instances these connections traverse the Internet. Regardless of the backbone networks used for transit between the user end-point and the remote access server (VPN appliance, firewall, ISDN), remote connections must be secured and must not be given direct access to the private network. Traffic between the remote access server and the private network must be secured. Therefore, the remote access server must forward traffic destined to the private network to the firewall interface inspecting all private network ingress traffic. This requirement is applicable to network architecture and is not applicable to the routing function.

Description

Remote access services enable users outside of the enclave to have access to data and services within the private network. In many instances these connections traverse the Internet. Regardless of the backbone networks used for transit between the user end-point and the remote access server (VPN appliance, firewall, ISDN), remote connections must be secured and must not be given direct access to the private network. Traffic between the remote access server and the private network must be secured. Therefore, the remote access server must forward traffic destined to the private network to the firewall interface inspecting all private network ingress traffic. This requirement is applicable to network architecture and is not applicable to the routing function.

STIG	Date
Router Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000064-RTR-NA_chk )
This requirement is NA for router.

Fix Text (F-SRG-NET-000064-RTR-NA_fix)
This requirement is NA for router.