
EBRP-1 Remote Access for Privileged Functions


Overview

Remote access for privileged functions is discouraged, is permitted only for compelling operational needs, and is strictly controlled. In addition to the requirements of EBRU-1 (remote access for user functions), sessions employ security measures such as a VPN with blocking mode enabled, that is, the client passes no traffic outside the tunnel while the VPN is up. A complete audit trail of each remote session is recorded, and the IAM/IAO reviews the log of every remote session.

MAC / CONF: CLASSIFIED, SENSITIVE
Impact: High
Subject Area: Enclave Boundary Defense

Details

Threat
Remote access for privileged functions is especially dangerous because administrator usernames and passwords are transmitted over non-DoD media and devices. Compromised privileged credentials can lead to network denial of service and to unauthorized use of sensitive DoD information. Proper security precautions, such as correct use of a VPN and auditing, minimize the risk of network compromise and attack.

Guidance
1. Where a compelling operational need exists, remote access for privileged functions shall be conducted only over a VPN.
2. Auditing shall be enabled for each remote VPN session.
3. The IAM/IAO shall review the audit log of every remote session.
4. Refer to DoD or other applicable guidance for connection requirements and procedures.
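The following is an added example, not part of this STIG page or of any DISA tool: a small review script that applies the three guidance items above to a constructed set of session records. The key=value log format, the field names (priv, vpn, audit, reviewed) and the enclave address range 10.0.0.0/8 are assumptions made for the example; a real deployment would feed it the VPN concentrator's and the audit system's own records. It reports, for every remote session that used privileged functions, whether the session ran outside the VPN, whether a complete audit record exists, and whether the IAM/IAO review has been recorded.

```python
"""
Added example (not from the STIG page or any DISA product): an EBRP-1 review
check over constructed session records. Fields and log format are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List

# Assumed enclave address space for this example; any other source is "remote".
ENCLAVE_NETS = [ip_network("10.0.0.0/8")]

# Constructed sample records (not real data), one session per line:
#   ts       session start       user     account used
#   src      client source IP    priv     yes/no, privileged functions used
#   vpn      yes/no, carried inside the enclave VPN
#   audit    yes/no, a complete audit record of the session exists
#   reviewed yes/no, the IAM/IAO has reviewed that audit record
SAMPLE_LOG = """\
ts=2004-11-01T08:02Z user=admin1 src=203.0.113.7 priv=yes vpn=yes audit=yes reviewed=yes
ts=2004-11-01T09:15Z user=admin2 src=198.51.100.9 priv=yes vpn=no audit=yes reviewed=no
ts=2004-11-01T10:40Z user=ops3 src=10.1.2.3 priv=yes vpn=no audit=no reviewed=no
ts=2004-11-01T11:05Z user=user4 src=203.0.113.8 priv=no vpn=yes audit=yes reviewed=no
ts=2004-11-01T12:30Z user=admin5 src=192.0.2.44 priv=yes vpn=yes audit=no reviewed=no
"""


@dataclass
class Session:
    ts: str
    user: str
    src: str
    priv: bool
    vpn: bool
    audit: bool
    reviewed: bool

    @property
    def remote(self) -> bool:
        """A session is remote when its source lies outside the enclave."""
        addr = ip_address(self.src)
        return not any(addr in net for net in ENCLAVE_NETS)


def parse_log(text: str) -> List[Session]:
    """Parse the assumed key=value format into Session objects."""
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = dict(tok.split("=", 1) for tok in line.split())
        yes = lambda key: kv[key].lower() == "yes"
        sessions.append(Session(kv["ts"], kv["user"], kv["src"],
                                yes("priv"), yes("vpn"), yes("audit"), yes("reviewed")))
    return sessions


def check_ebrp1(sessions: List[Session]) -> List[str]:
    """Return one finding per guidance item a remote privileged session fails.

    Local sessions and non-privileged remote sessions are out of scope here
    (the latter fall under EBRU-1, remote access for user functions).
    """
    findings = []
    for s in sessions:
        if not (s.remote and s.priv):
            continue
        tag = f"{s.ts} {s.user}@{s.src}"
        if not s.vpn:
            findings.append(f"{tag}: privileged functions used outside the VPN (guidance 1)")
        if not s.audit:
            findings.append(f"{tag}: no complete audit record for the session (guidance 2)")
        if not s.reviewed:
            findings.append(f"{tag}: IAM/IAO review of the session log not recorded (guidance 3)")
    return findings


if __name__ == "__main__":
    for finding in check_ebrp1(parse_log(SAMPLE_LOG)):
        print(finding)
```

With the constructed records, the script reports two findings each for admin2 (no VPN, no review) and admin5 (no audit record, no review); admin1 is fully compliant, ops3 is a local session, and user4 used no privileged functions, so none of those three appears.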

References

  • CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
  • DISA Network Infrastructure STIG, Version 6 Draft, 29 October 2004
  • DISA Secure Remote Computing STIG, Version 1, Release 1, 14 February 2003
  • DISA Enclave Security STIG, Version 2, Release 1, 01 July 2004