STIGQter: STIG Summary: Virtual Private Network (VPN) Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

For site-to-site VPN, for accounts using password authentication, the VPN Gateway must use FIPS-validated SHA-1 or later protocol to protect the integrity of the password authentication process.

DISA Rule

SV-207247r608988_rule

Vulnerability Number

V-207247

Group Title

SRG-NET-000400

Rule Version

SRG-NET-000400-VPN-001940

Severity

CAT II

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

10

Fix Recommendation

For accounts using password authentication, configure the VPN Gateway to use FIPS-validated SHA-1 or later protocol to protect the integrity of the password authentication process.

Check Contents

For accounts using password authentication, verify the VPN Gateway uses FIPS-validated SHA-1 or later protocol to protect the integrity of the password authentication process.

For accounts using password authentication, if the VPN Gateway does not use FIPS-validated SHA-1 or later protocol to protect the integrity of the password authentication process, this is a finding.

Vulnerability Number

V-207247

Documentable

False

Rule Version

SRG-NET-000400-VPN-001940

Severity Override Guidance

For accounts using password authentication, verify the VPN Gateway uses FIPS-validated SHA-1 or later protocol to protect the integrity of the password authentication process.

For accounts using password authentication, if the VPN Gateway does not use FIPS-validated SHA-1 or later protocol to protect the integrity of the password authentication process, this is a finding.

Check Content Reference

M

Target Key

2920

Comments