
Virtual Private Network (VPN) Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-NET-000337

    Group
  • The VPN Gateway must renegotiate the IKE security association (SA) after eight hours or less.

    When a VPN gateway creates an IPsec SA, resources must be allocated to maintain the SA. These resources are wasted during periods of IPsec endpoint inactivity, which could result in the gateway’s i...
    Rule Medium Severity
  • SRG-NET-000341

    Group
  • The VPN Gateway must accept the Common Access Card (CAC) credential.

    The use of Personal Identity Verification (PIV) credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC as the PIV credential to su...
    Rule Medium Severity
  • SRG-NET-000342

    Group
  • The VPN Gateway must electronically verify the Common Access Card (CAC) credential.

    DoD has mandated the use of the CAC as the Personal Identity Verification (PIV) credential to support identity management and personal authentication for systems covered under HSPD 12, as well as a...
    Rule Medium Severity
  • SRG-NET-000343

    Group
  • The VPN Gateway must authenticate all network-connected endpoint devices before establishing a connection.

    Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. For distributed architectures (e.g., service-oriented architectures), th...
    Rule Medium Severity
  • SRG-NET-000352

    Group
  • The VPN Gateway must use an approved Commercial Solution for Classified (CSfC) when transporting classified traffic across an unclassified network.

    Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The National Security Agency/Central Security Service's (NSA/CSS) CSfC Program enables co...
    Rule Medium Severity
