The Remote Access VPN Gateway and/or client must enforce a policy to retain the Standard Mandatory DOD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.

The user must acknowledge the banner before being allowed access to the network. This provides assurance that the user has seen the message and accepted the conditions for access. If the user does not acknowledge the consent banner, DOD will not be in compliance with system use notifications required by law. In most VPN implementations, the banner is configured in the management backplane (NDM SRG) and serves as the presentation for the VPN client connection as well as for administrator logon to the device management tool/backplane. This requirement remains applicable for Always-on. Consult the product-specific STIG or vendor documentation for specific configuration. To establish acceptance of the application usage policy, a click-through banner at application logon is required. The VPN gateway must prevent further activity until the user executes a positive action to manifest agreement by clicking on a box indicating "OK". This applies to gateways that have the concept of a user account and have the logon function residing on the gateway or the gateway acts as a user intermediary.