STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020:

Tunneling of classified traffic across an unclassified IP transport network must employ cryptographic algorithms in accordance with CNSS Policy No. 15.

DISA Rule

SV-15499r2_rule

Vulnerability Number

V-14743

Group Title

Type 1 cryptography is not employed to secure data

Rule Version

NET-TUNL-031

Severity

CAT II

CCI(s)

• CCI-002396 - The organization protects the confidentiality and integrity of the information being transmitted across each interface for each external telecommunication service.
• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

10

Fix Recommendation

Configure the tunnel used for transporting classified traffic across an unclassified IP transport network to negotiate with the remote end point to employ cryptographic algorithms in accordance with CNSS Policy No. 15.

Check Contents

Review the configuration of the IPsec VPN gateway and verify that the tunnel provisioned for transporting classified traffic across an unclassified IP transport network is using cryptographic algorithms in accordance with CNSS Policy No. 15.

If cryptographic algorithms used for tunneling classified traffic across an unclassified network are not in accordance with CNSS Policy No. 15, this is a finding.

Vulnerability Number

V-14743

Documentable

False

Rule Version

NET-TUNL-031

Severity Override Guidance

Review the configuration of the IPsec VPN gateway and verify that the tunnel provisioned for transporting classified traffic across an unclassified IP transport network is using cryptographic algorithms in accordance with CNSS Policy No. 15.

If cryptographic algorithms used for tunneling classified traffic across an unclassified network are not in accordance with CNSS Policy No. 15, this is a finding.

Check Content Reference

M

Target Key

838

Comments