STIGQter: STIG Summary: Virtual Private Network (VPN) Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The IPsec VPN Gateway must use Internet Key Exchange (IKE) with SHA-1 or greater to protect the authenticity of communications sessions.

DISA Rule

SV-207223r608988_rule

Vulnerability Number

V-207223

Group Title

SRG-NET-000230

Rule Version

SRG-NET-000230-VPN-000780

Severity

CAT I

CCI(s)

• CCI-001184 - The information system protects the authenticity of communications sessions.

Weight

10

Fix Recommendation

Configure the IPsec VPN Gateway to use IKE with SHA1 or greater to protect the authenticity of communications sessions.

Check Contents

Verify the IPsec VPN Gateway uses IKE with SHA1 or greater to protect the authenticity of communications sessions.

If the IPsec VPN Gateway is not configured to use IKE with SHA1 or greater to protect the authenticity of communications sessions, this is a finding.

Vulnerability Number

V-207223

Documentable

False

Rule Version

SRG-NET-000230-VPN-000780

Severity Override Guidance

Verify the IPsec VPN Gateway uses IKE with SHA1 or greater to protect the authenticity of communications sessions.

If the IPsec VPN Gateway is not configured to use IKE with SHA1 or greater to protect the authenticity of communications sessions, this is a finding.

Check Content Reference

M

Target Key

2920

Comments