Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Ivanti Connect Secure VPN Security Technical Implementation Guide
SRG-NET-000078-VPN-000290
SRG-NET-000078-VPN-000290
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-NET-000078-VPN-000290
1 Rule
<GroupDescription></GroupDescription>
The ICS must be configured to generate log records containing sufficient information about where, when, identity, source, or outcome of the events.
Low Severity
<VulnDiscussion>Without establishing when events occurred, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. VPN gateways often have a separate audit log for capturing VPN status and other information about the traffic (as opposed to the log capturing administrative and configuration actions). Associating event types with detected events in the network audit logs provides a means of investigating an attack, recognizing resource utilization or capacity thresholds, or identifying an improperly configured VPN gateway. Satisfies: SRG-NET-000078-VPN-000290, SRG-NET-000079-VPN-000300, SRG-NET-000088-VPN-000310, SRG-NET-000089-VPN-000330, SRG-NET-000091-VPN-000350, SRG-NET-000077-VPN-000280, SRG-NET-000313-VPN-001050, SRG-NET-000492-VPN-001980</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>