STIGQter: STIG Summary: Virtual Private Network (VPN) Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

If the site-to-site VPN implementation uses L2TP, L2TPv3 sessions must be authenticated prior to transporting traffic.

DISA Rule

SV-207194r608988_rule

Vulnerability Number

V-207194

Group Title

SRG-NET-000075

Rule Version

SRG-NET-000075-VPN-000260

Severity

CAT II

CCI(s)

• CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

10

Fix Recommendation

If the site-to-site VPN implementation uses L2TPv3, configure L2TPv3 sessions to authenticate the traffic before transit.

Check Contents

If L2TP communications protocol is not used, this is not applicable.

Verify L2TPv3 sessions are configured to authenticate the traffic before transit. L2TPv3 sessions must be authenticated prior to transporting traffic.

If L2TPv3 sessions do not require authentication, this is a finding.

Vulnerability Number

V-207194

Documentable

False

Rule Version

SRG-NET-000075-VPN-000260

Severity Override Guidance

If L2TP communications protocol is not used, this is not applicable.

Verify L2TPv3 sessions are configured to authenticate the traffic before transit. L2TPv3 sessions must be authenticated prior to transporting traffic.

If L2TPv3 sessions do not require authentication, this is a finding.

Check Content Reference

M

Target Key

2920

Comments