STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 1 hour ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Ivanti Policy Secure NDM Security Technical Implementation Guide

V-284544

CAT II (Medium)

The Ivanti Policy Secure must be configured to protect nonlocal maintenance sessions by separating the maintenance session from other network sessions with the system by logically separated communications paths.

Rule ID

SV-284544r1244957_rule

STIG

Ivanti Policy Secure NDM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-004192

Discussion

Nonlocal maintenance and diagnostic activities are conducted by individuals who communicate through either an external or internal network. Communications paths can be logically separated using encryption.

Check Content

1. In the Web UI, navigate to Administrators >> Admins Realms >> Admin Users >> Authentication Policy.
2. Click the configured admin realm being used for common access card (CAC)/public key infrastructure (PKI) token admin logins.
3. Click the "Authentication Policy" tab, then click "Source IP".

In "Administrator Sign in Port" if there are any ports selected for "Administrator Sign in" other than "Management Port", this is a finding.

Fix Text

1. In the Web UI, navigate to Administrators >> Admins Realms >> Admin Users >> Authentication Policy.
2. Click the configured admin realm used for CAC/PKI token admin logins.
3. Click the "Authentication Policy" tab, then click "Source IP".
4. In "Administrator Sign in Port" under Administrator Sign in Ports Select only the "Management Port".