Skip to content

Virtual Private Network (VPN) Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The VPN Client must implement multifactor authentication for network access to nonprivileged accounts such that one of the factors is provided by a device separate from the system gaining access.

    <VulnDiscussion>Using an authentication device, such as a common access card (CAC) or token that is separate from the information system, ens...
    Rule Medium Severity
  • SRG-NET-000147

    <GroupDescription></GroupDescription>
    Group
  • The TLS VPN must be configured to use replay-resistant authentication mechanisms for network access to nonprivileged accounts.

    &lt;VulnDiscussion&gt;A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authen...
    Rule Medium Severity
  • SRG-NET-000147

    <GroupDescription></GroupDescription>
    Group
  • The IPsec VPN Gateway must use anti-replay mechanisms for security associations.

    &lt;VulnDiscussion&gt;Anti-replay is an IPsec security mechanism at a packet level, which helps to avoid unwanted users from intercepting and modif...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules