Check: JIE-ERA-000060
JIE Enterprise Remote Access STIG: JIE-ERA-000060 (in version v1 r1)
Title
The JIE Enterprise Remote Access (ERA) solution must direct remote access using VPN for managing Criticality Level 3 JIE managed elements to a VPN gateway located within the EOC/JMN DMZ. (Cat I impact)
Discussion
The EOC/JMN DMZ will provide secured connectivity between the unclassified JMN and the JIE Production Network, the JIE ERA Replication Network, and the Internet. These connections support situational awareness, patch management, incident management, and DCO-IDM services. The EOC/JMN DMZ is located in each EOC, between the JMN and the JIE Core. The EOC/JMN DMZ is not located at other JIE nodes that have JMN connectivity. The EOC/JMN DMZ securely bridges network connectivity into and out of the JMN; thus all DISN Core access will first traverse the EOC/JMN DMZ. Personnel must first establish a VPN connection from their external location in order to gain remote access to the JMN. JIE Production Network and Internet connectivity will only be provided through the EOC/JMN DMZ. Local EOC operators, using JMN operator workstations, must first use Virtual Desktop Infrastructure (VDI) or terminal services to access the EOC/JMN DMZ. Once these devices and services gain authorized access to the DMZ, they will then be able to obtain outbound access to the JIE Production Network and the Internet.
Check Content
Verify that the JIE ERA solution includes a VPN concentrator installed in the EOC/JMN DMZ to allow remote access between the unclassified JMN and both the JIE Production Network and the JIE Replication Network. If the JIE ERA solution does not include a VPN concentrator installed in the EOC/JMN DMZ to allow remote access between the unclassified JMN and the JIE Production Network, the JIE Replication Network, and the Internet, this is a finding.
Fix Text
Direct remote access using VPN for managing Criticality Level 3 JIE managed elements to a VPN gateway installed in the EOC/JMN DMZ.
Additional Identifiers
Rule ID: SV-81689r1_rule
Vulnerability ID: V-67199
Group Title: JIE-ERA-000060
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001414 | Enforce approved authorizations for controlling the flow of information between connected systems based on organization-defined information flow control policies. |
Controls
| Number | Title |
|---|---|
| AC-4 | Information Flow Enforcement |