The remote access solution will be configured to authenticate (DOD PKI preferred) all endpoints requesting access to the network; to include mutual authentication between the remote access server device and the endpoint will be enforced prior to network admission.

From Remote Access VPN STIG

Part of SRC-NET-030 Remote endpoint device authentication

Associated with IA controls: ECSC-1

SV-23759r1_rule The remote access solution will be configured to authenticate (DOD PKI preferred) all endpoints requesting access to the network; to include mutual authentication between the remote access server device and the endpoint will be enforced prior to network admission.

Vulnerability discussion

Remote access is a significant risk to the Enclave. Attackers can engage in remote exploits without traversing the physical security controls often in place at the site. Thus, stringent logical controls are needed to protect DoD assets. Both the device and the user must be authenticated and authorized prior to allowing access. Device authentication may be performed in several ways, but DoD-approved PKI is preferred.

Check content

Work with the system administrator to verify that device authentication is implemented. Also, verify that mutual authentication between the remote access gateway and the endpoint is implemented.

Fix text

Ensure device authentication and mutual authentication between the remote access gateway and the endpoint are implemented.
