Ivanti Connect Secure VPN Security Technical Implementation Guide
SRG-NET-000343-VPN-001370
An XCCDF Group - A logical subset of the XCCDF Benchmark
1 Rule
The ICS must be configured to authenticate all clients before establishing a connection.
Medium Severity
Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. For ICS, user authentication uses authentication servers, realms, roles, and sign-in policies. To the device, both machine and user authentication are treated as user logins, and certificates (machine certs and CAC) are supported for authentication. Although both machine and human users are considered "users" to the device, the system supports separating admin from user/computer authentication by duplicating auth servers and associating a single server with either an admin realm or a user realm, but not both. This supports the DOD best practice of performing admin authentication using a separate authentication server from user authentication.

Documentable: false