Skip to content

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • The Cisco ASA remote access VPN server must be configured to enforce certificate-based authentication before granting access to the network.

    <VulnDiscussion>To assure accountability and prevent unauthenticated access, non-privileged users must utilize multifactor authentication to ...
    Rule High Severity
  • SRG-NET-000166-VPN-000590

    <GroupDescription></GroupDescription>
    Group
  • The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client’s certificate to entries in the authentication server to determine authorization to access the network.

    &lt;VulnDiscussion&gt;Without mapping the certificate used to authenticate to the user account, the ability to determine the identity of the indivi...
    Rule Medium Severity
  • SRG-NET-000041-VPN-000110

    <GroupDescription></GroupDescription>
    Group
  • The Cisco ASA remote access VPN server must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the network.

    &lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the network ensures privacy and security no...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules