Information
This setting ensures that the Elections Management System (EMS) Gateway is only connected to the network when needed. For example, connect the system to the network (wired) when data is being transferred to or from the EMS Gateway or when updates to the operating system or applications/software are needed.
For updates, this should be done on a regular schedule, such as the third Tuesday of each month. This is one week after Microsoft releases monthly patches.
Connecting the system to the network only when needed will reduce the attack surface of the system as it not possible to attack/breach the system when it's not connected to the network.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Physically unplug the system from the network when not in use or actively being updated.
Impact:
The system user will have to physically plug the system into the network and depending on port security used, if the system is not connected for a certain period of time, the port could block the connection.