STIGQter: STIG Summary: Virtual Private Network (VPN) Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The VPN Gateway must authenticate all network-connected endpoint devices before establishing a connection.

DISA Rule

SV-207241r608988_rule

Vulnerability Number

V-207241

Group Title

SRG-NET-000343

Rule Version

SRG-NET-000343-VPN-001370

Severity

CAT II

CCI(s)

• CCI-001958 - The information system authenticates an organization-defined list of specific and/or types of devices before establishing a local, remote, or network connection.

Weight

10

Fix Recommendation

Configure the VPN Gateway to authenticate all network-connected endpoint devices before establishing a connection.

Check Contents

Verity the VPN Gateway authenticates all network-connected endpoint devices before establishing a connection.

If the VPN Gateway does not authenticate all network-connected endpoint devices before establishing a connection, this is a finding.

Vulnerability Number

V-207241

Documentable

False

Rule Version

SRG-NET-000343-VPN-001370

Severity Override Guidance

Verity the VPN Gateway authenticates all network-connected endpoint devices before establishing a connection.

If the VPN Gateway does not authenticate all network-connected endpoint devices before establishing a connection, this is a finding.

Check Content Reference

M

Target Key

2920

Comments