STIGQter: STIG Summary: Virtual Private Network (VPN) Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The IPsec VPN Gateway Internet Key Exchange (IKE) must use cryptography that is compliant with Suite B parameters when transporting classified traffic across an unclassified network.

DISA Rule

SV-207262r608988_rule

Vulnerability Number

V-207262

Group Title

SRG-NET-000565

Rule Version

SRG-NET-000565-VPN-002400

Severity

CAT I

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

Configure the IPsec VPN Gateway Internet Key Exchange (IKE) to use cryptography that is compliant with Suite B parameters when transporting classified traffic across an unclassified network.

Check Contents

Verify the IPsec VPN Gateway Internet Key Exchange (IKE) uses cryptography that is compliant with Suite B parameters when transporting classified traffic across an unclassified network.

If the IPsec VPN Gateway Internet Key Exchange (IKE) does not use cryptography that is compliant with Suite B parameters when transporting classified traffic across an unclassified network, this is a finding.

Vulnerability Number

V-207262

Documentable

False

Rule Version

SRG-NET-000565-VPN-002400

Severity Override Guidance

Verify the IPsec VPN Gateway Internet Key Exchange (IKE) uses cryptography that is compliant with Suite B parameters when transporting classified traffic across an unclassified network.

If the IPsec VPN Gateway Internet Key Exchange (IKE) does not use cryptography that is compliant with Suite B parameters when transporting classified traffic across an unclassified network, this is a finding.

Check Content Reference

M

Target Key

2920

Comments