Check: SRG-APP-000017-MAPP-NA
Mobile Application SRG:
SRG-APP-000017-MAPP-NA
(in version v1 r1)
Title
Applications providing remote access must have capabilities that allow all remote access to be routed through managed access control points. (Cat II impact)
Discussion
This requirement relates to the use of applications providing remote access services. Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet). Examples of remote access methods include dial-up, broadband, and wireless.

Remote network access is accomplished by leveraging common communication protocols and establishing a remote connection. These connections will typically occur over either the public Internet or the Public Switched Telephone Network (PSTN). Note that a virtual private network, when adequately provisioned with appropriate security controls, is considered an internal network and is not considered remote access.

Without centralized control of inbound connections, management of these access points is difficult at best. It is critical that applications providing or offering remote access capabilities also have the capability to route the access through managed access control points. One example is the use of software applications such as PCAnywhere or Terminal Services. Rather than having PCAnywhere installed on multiple systems, remote access software must have the capability to be centrally managed and controlled so there are not multiple disparate access points into the environment. Applications providing remote access must have capabilities that allow all remote access to be routed through managed access control points.

Rationale for non-applicability: Mobile applications that support remote access to the mobile device are outside the scope of this SRG. Applications supporting remote access to the mobile device are not permitted on DoD CMD, with the exception of native OS support for personal hotspots and USB tethering that is compliant with the MOS SRG.
Check Content
This requirement is NA for the MAPP SRG.
Fix Text
The requirement is NA. No fix is required.
Additional Identifiers
Rule ID: SV-46400r1_rule
Vulnerability ID: V-35113
Group Title:
CCIs
Number | Definition |
---|---|
CCI-000069 | The information system routes all remote accesses through an organization-defined number of managed network access control points. |
Controls
Number | Title |
---|---|
AC-17 (3) | Managed Access Control Points |