STIGQter: STIG Summary: Virtual Private Network (VPN) Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The VPN Gateway must limit the number of concurrent sessions for user accounts to 1 or to an organization-defined number.

DISA Rule

SV-207189r608988_rule

Vulnerability Number

V-207189

Group Title

SRG-NET-000053

Rule Version

SRG-NET-000053-VPN-000170

Severity

CAT II

CCI(s)

• CCI-000054 - The information system limits the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number of sessions.

Weight

10

Fix Recommendation

Configure the VPN Gateway to limit the number of concurrent sessions for user accounts to 1 or to an organization-defined number, as documented in the SSP.

Check Contents

Inspect the VPN Gateway configuration. Verify the number of concurrent sessions for user accounts to 1 or to an organization-defined number (defined in the SSP).

If the VPN Gateway does not limit the number of concurrent sessions for user accounts to 1 or to an organization-defined number, this is a finding.

Vulnerability Number

V-207189

Documentable

False

Rule Version

SRG-NET-000053-VPN-000170

Severity Override Guidance

Inspect the VPN Gateway configuration. Verify the number of concurrent sessions for user accounts to 1 or to an organization-defined number (defined in the SSP).

If the VPN Gateway does not limit the number of concurrent sessions for user accounts to 1 or to an organization-defined number, this is a finding.

Check Content Reference

M

Target Key

2920

Comments