Check: JIE-ERA-000011
JIE Enterprise Remote Access STIG: JIE-ERA-000011 (in version v1 r1)
Title
The JIE Enterprise Remote Access (ERA) solution must authenticate remote access users using the JIE IdAM or JMN IdAM (JIS) prior to allowing access to JIE systems. (Cat II impact)
Discussion
To assure accountability and prevent unauthenticated access, users must use multifactor authentication, which guards against potential misuse and compromise of the system. JMN IdAM (JIS) contains administrator accounts for managed elements in the JIE ERA solution. The JIE IdAM contains user accounts for users on the JIE Production Network, including remote users who use the JIE ERA solution for access.
Check Content
Verify the JIE ERA solution is configured to use the JIE IdAM or JIS authentication servers to authenticate remote access users prior to allowing access to JIE systems. If the JIE ERA solution does not use the JIE IdAM or JIS for remote user authentication, this is a finding.
Fix Text
Configure the JIE ERA solution VPN, SSL gateway, or other remote access gateway to authenticate remote users using the JIE IdAM or JIS prior to allowing access to JIE systems.
Additional Identifiers
Rule ID: SV-81725r1_rule
Vulnerability ID: V-67235
Group Title: JIE-ERA-000011
CCIs
Number | Definition |
---|---|
CCI-000187 | For public key-based authentication, map the authenticated identity to the account of the individual or group. |
CCI-000765 | Implement multifactor authentication for access to privileged accounts. |
CCI-000766 | Implement multifactor authentication for access to non-privileged accounts. |