Standard operating procedure for when federal employees (even the “special federal employees”) connect unauthorized devices to secure networks is to confiscate the device. Permanently.
You know the drill. Kill the server, extract the TPM keys (if applicable), yank the hard drives, and then nuke the rest of the server. Pass the keys and drives to forensics to check code and logs, and file the results as evidence for prosecution.
Seriously, there is no way that server met any of the DISA compliance requirements.
Standard operating procedure for when federal employees (even the “special federal employees”) connect unauthorized devices to secure networks is to confiscate the device. Permanently.
You know the drill. Kill the server, extract the TPM keys (if applicable), yank the hard drives, and then nuke the rest of the server. Pass the keys and drives to forensics to check code and logs, and file the results as evidence for prosecution.
Seriously, there is no way that server met any of the DISA compliance requirements.