V-266999

CAT II (Medium)

AOS, when used as a VPN Gateway, must be configured to route sessions to an intrusion detection and prevention system (IDPS) for inspection.

Rule ID

SV-266999r1040763_rule

STIG

HPE Aruba Networking AOS VPN Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001097

Discussion

Remote access devices, such as those providing remote access to network devices and information systems, that lack automated capabilities increase risk and make remote user access management difficult at best. Remote access is access to DOD nonpublic information systems by an authorized user (or an information system) communicating through an external, nonorganization-controlled network. Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities of remote access capabilities from a variety of information system components (e.g., servers, workstations, notebook computers, smartphones, and tablets).

Check Content

Verify the AOS configuration with the following commands:
show running-config | include default-gateway
show running-config | include "ipv4 route"
show running-config | include "ipv6 route"

If any routes exist that do not route sessions to an IDPS for inspection, this is a finding.

Fix Text

Configure AOS with the following commands:
configure terminal
ip default-gateway <ipv4>
ipv6 default-gateway <ipv6>
ip route <A.B.C.D IPv4 network> <A.B.C.D netmask> <A.B.C.D nexthop> <cost>
ipv6 route <X:X:X:X::X IPv6 network/prefix> <X:X:X:X::X nexthop> <cost>
write memory
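
One way to automate the comparison in Check Content, given here as an added example that is not part of the STIG or of any HPE Aruba tooling: it reads the lines returned by the three `show running-config | include` filters and reports every route whose next hop is not an approved IDPS address. Assumptions: the route lines follow the Fix Text syntax, the sample configuration and the `IDPS_NEXT_HOPS` addresses are constructed, the function name is hypothetical, and a route counts as inspected only when its next hop is one of the site's IDPS addresses.

```python
import ipaddress
import re

# Constructed sample: output of the three Check Content filters, in Fix Text syntax.
SAMPLE_CONFIG = """\
ip default-gateway 192.0.2.1
ipv6 default-gateway 2001:DB8:0:0::1
ip route 10.10.0.0 255.255.0.0 192.0.2.1 1
ip route 10.20.0.0 255.255.0.0 198.51.100.7 1
ipv6 route 2001:db8:20::/48 2001:db8::1 1
ipv6 route 2001:db8:30::/48 2001:db8:ffff::9 1
"""

# Assumption: the site's IDPS next-hop addresses (documentation ranges used here).
IDPS_NEXT_HOPS = {"192.0.2.1", "2001:db8::1"}

# Route statements per the Fix Text. "ipv4 route" is also accepted because the
# Check Content filter uses that spelling.
ROUTE_PATTERNS = [
    re.compile(r"^ip(?:v6)? default-gateway (?P<hop>\S+)$"),
    re.compile(r"^ip(?:v4)? route \S+ \S+ (?P<hop>\S+)(?: \d+)?$"),
    re.compile(r"^ipv6 route \S+ (?P<hop>\S+)(?: \d+)?$"),
]


def find_uninspected_routes(config_text, idps_next_hops):
    """Return (line, reason) for every route whose next hop is not an IDPS address."""
    # Parse addresses so equivalent IPv6 spellings compare equal.
    approved = {ipaddress.ip_address(a) for a in idps_next_hops}
    findings = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # collapse CLI padding
        match = next((m for p in ROUTE_PATTERNS if (m := p.match(line))), None)
        if match is None:
            continue  # not a route statement
        try:
            hop = ipaddress.ip_address(match.group("hop"))
        except ValueError:
            findings.append((line, "next hop is not an IP address; review manually"))
            continue
        if hop not in approved:
            findings.append((line, f"next hop {hop} is not an approved IDPS address"))
    return findings


if __name__ == "__main__":
    for line, reason in find_uninspected_routes(SAMPLE_CONFIG, IDPS_NEXT_HOPS):
        print(f"FINDING: {line} ({reason})")
```

Any line the function returns corresponds to a finding under this rule; an empty list means every configured route and default gateway points at an approved IDPS next hop.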