Remote access host integrity checks will incorporate settings and policies as required.

From Remote Access Server STIG

Part of SRC-NET-090 Required host integrity checks

Associated with IA controls: ECSC-1

SV-23845r2_rule Remote access host integrity checks will incorporate settings and policies as required.

Vulnerability discussion

The access control policy will be integrated with endpoint security controls. Users accessing from untrusted devices such as kiosks, personaly owned, or unmanaged devices may require active content in the client Web Browser which clears the cache or remove files, cookies, and session information. For example, users detected as accessing from a kiosk may be subjected to a host integrity check prior to authentication in order to guard against keystroke loggers. Consideration should also be taken for emergency and disaster recovery. Remote access for remote reset or for special circumstances should be considered.

Check content

Work with the SA to examine the policies for the host integrity setting. Ensure there are settings and policies applicable to the listed compliance areas. Verify the following settings: - Sensitivity of information accessed such as public, non-public, administrator, classified; - Authentication method used (PKI, password, open); - User identification and authorization; - Type of user such as mobile, teleworker from home, remote DoD site enclave user, or contractor site; - Endpoint type and location (laptop, PDA, virtual, managed/unmanaged; - Other (browser type, day/time, accessed resource type).

Fix text

Ensure remote access host integrity check is compliant.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer