From Remote Endpoint STIG
Part of SRC-EPT-610 VPN client security
Associated with IA controls: ECSC-1
Without proper configuration control, security controls on a remote access machine can be weakened.
Verify the system’s user and advanced user rights policies are configured in accordance with DISA requirements to prevent users without administrative rights from installing or changing software or hardware configurations, which may adversely affect the security posture of the remote device. There are several ways to accomplish this item. Have the NSO demonstrate the site’s method for securing the VPN profile configuration. Since the VPN client software generally does not have a setting for preventing users from changing the settings, the most likely method used will be to enable the operating system policies to ensure the profile directory of the client software is set to read and execute only for ordinary users. Next, examine any procedures or remote access agreement that informs the user of this requirement. If the user is not informed of this requirement or if rights are not restricted to prevent installation of software or device drivers, this is a finding.
Note: If the remote user has administrative rights, then this is a finding only if a written policy does not exist informing the user that changes must be pre-approved regardless of having administrative rights.
Ensure a configuration control process is in place and is followed for VPN client configurations.
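One way to spot-check the "read and execute only for ordinary users" condition from the check above, as an added example that is not part of the STIG. It assumes a POSIX host where only UID 0 is administrative; the function name, file names and sample tree are hypothetical, and on Windows the equivalent review is of the directory's ACL.

```python
import os
import stat
import tempfile

# Group/other write bits: what an ordinary (non-owner) user would need
# in order to alter a profile file on a POSIX host.
NON_OWNER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def audit_profile_dir(root, admin_uids=(0,)):
    """Return sorted (path, reason) findings for a VPN profile tree."""
    paths = [root]
    for dirpath, dirs, files in os.walk(root):  # does not follow symlinks
        paths += [os.path.join(dirpath, name) for name in dirs + files]
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            # A link can redirect the client to a file outside the tree.
            findings.append((path, "symbolic link"))
            continue
        if st.st_uid not in admin_uids:
            # The owner can always chmod the file back to writable.
            findings.append((path, "owner is not an administrative account"))
        if st.st_mode & NON_OWNER_WRITE:
            findings.append((path, "writable by group or other"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree; a real audit passes the client's actual
    # profile directory and keeps the default admin_uids=(0,).
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for name, mode in (("corp.profile", 0o644), ("edited.profile", 0o666)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        for path, reason in audit_profile_dir(root, admin_uids=(os.getuid(),)):
            print(f"FINDING {path}: {reason}")
```

An empty result means no ordinary user can modify the profile tree through file permissions alone; it does not cover the written-policy half of the check.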