STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 1 hour ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to STIGs

Ivanti Policy Secure NAC Security Technical Implementation Guide

Version

V1R1

Release Date

Jul 9, 2026

SCAP Benchmark ID

Ivanti_PS_NAC

Total Checks

8

Tags

other
CAT I: 2CAT II: 6CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of War (DoW) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (8)

V-284581HIGHThe Ivanti Policy Secure NAC must enforce approved access by employing preadmissions assessment filters as defined in the NAC System Security Plan (SSP).V-284582HIGHThe Ivanti Policy Secure NAC must enforce approved access by employing post-admissions assessment filters as defined in the NAC System Security Plan (SSP).V-284583MEDIUMThe Ivanti Policy Secure NAC must be configured to only allow users with a client-side certificate signed by Trusted Client Certificate Authorities (CAs) to sign in.V-284586MEDIUMThe Ivanti Policy Secure NAC must be configured to redirect endpoints to a logically separate VLAN for remediation services for endpoints that require automated remediation.V-284587MEDIUMThe Ivanti Policy Secure NAC must be configured to apply dynamic ACLs that restrict the use of resources when nonentity endpoints are connected using MAC Authentication Bypass (MAB).V-284588MEDIUMThe Ivanti Policy Secure NAC must configure maximum number of sessions per user for all user realms.V-285223MEDIUMThe Ivanti Policy Secure NAC must be configured to notify the user before proceeding with remediation of the user's endpoint device when automated remediation is used.V-285224MEDIUMThe Ivanti Policy Secure NAC must be configured to terminate the session or redirect the endpoint to the remediation VLAN when a device requesting access fails the Host Checker policy checks.