STIGQter: STIG Summary: Virtual Private Network (VPN) Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Remote Access VPN Gateway must use a separate authentication server (e.g., LDAP, RADIUS, TACACS+) to perform user authentication.

DISA Rule

SV-207216r608988_rule

Vulnerability Number

V-207216

Group Title

SRG-NET-000166

Rule Version

SRG-NET-000166-VPN-000580

Severity

CAT II

CCI(s)

• CCI-000187 - The information system, for PKI-based authentication, maps the authenticated identity to the account of the individual or group.

Weight

10

Fix Recommendation

Configure the Remote Access VPN Gateway to use a separate authentication server (e.g., LDAP, RADIUS, TACACS+) to perform user authentication.

Check Contents

Verify the Remote Access VPN Gateway is configured to use a physically separate authentication server (e.g., LDAP, RADIUS, TACACS+) to perform user authentication.

If the Remote Access VPN Gateway does not use a separate authentication server (e.g., LDAP, RADIUS, TACACS+) to perform user authentication, this is a finding.

Vulnerability Number

V-207216

Documentable

False

Rule Version

SRG-NET-000166-VPN-000580

Severity Override Guidance

Verify the Remote Access VPN Gateway is configured to use a physically separate authentication server (e.g., LDAP, RADIUS, TACACS+) to perform user authentication.

If the Remote Access VPN Gateway does not use a separate authentication server (e.g., LDAP, RADIUS, TACACS+) to perform user authentication, this is a finding.

Check Content Reference

M

Target Key

2920

Comments