Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Resources
Documents
Publishers
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Virtual Private Network (VPN) Security Requirements Guide
SRG-NET-000042
SRG-NET-000042
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-NET-000042
1 Rule
The Remote Access VPN Gateway and/or client must enforce a policy to retain the Standard Mandatory DOD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.
Medium Severity
The user must acknowledge the banner before being allowed access to the network. This provides assurance that the user has seen the message and accepted the conditions for access. If the user does not acknowledge the consent banner, DOD will not be in compliance with system use notifications required by law. In most VPN implementations, the banner is configured in the management backplane (NDM SRG) and serves as the presentation for the VPN client connection as well as for administrator logon to the device management tool/backplane. This requirement remains applicable for Always-on. Consult the product-specific STIG or vendor documentation for specific configuration. To establish acceptance of the application usage policy, a click-through banner at application logon is required. The VPN gateway must prevent further activity until the user executes a positive action to manifest agreement by clicking on a box indicating "OK". This applies to gateways that have the concept of a user account and have the logon function residing on the gateway or the gateway acts as a user intermediary.