STIGQter: STIG Summary: Virtual Private Network (VPN) Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The VPN Gateway must protect log information from unauthorized read access if all or some of this data is stored locally.

DISA Rule

SV-207201r608988_rule

Vulnerability Number

V-207201

Group Title

SRG-NET-000098

Rule Version

SRG-NET-000098-VPN-000370

Severity

CAT III

CCI(s)

• CCI-000162 - The information system protects audit information from unauthorized access.

Weight

10

Fix Recommendation

Configure the VPN Gateway to protect log information from unauthorized read access if all or some of this data is stored locally.

Check Contents

Verify the VPN Gateway protects log information from unauthorized read access if all or some of this data is stored locally.

If the VPN Gateway does not protect log information from unauthorized read access if all or some of this data is stored locally, this is a finding.

Vulnerability Number

V-207201

Documentable

False

Rule Version

SRG-NET-000098-VPN-000370

Severity Override Guidance

Verify the VPN Gateway protects log information from unauthorized read access if all or some of this data is stored locally.

If the VPN Gateway does not protect log information from unauthorized read access if all or some of this data is stored locally, this is a finding.

Check Content Reference

M

Target Key

2920

Comments