STIGQter: STIG Summary: Virtual Private Network (VPN) Security Requirements Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The site-to-site VPN, when using PKI-based authentication for devices, must enforce authorized access to the corresponding private key.

DISA Rule

SV-207215r608988_rule

Vulnerability Number

V-207215

Group Title

SRG-NET-000165

Rule Version

SRG-NET-000165-VPN-000570

Severity

CAT II

CCI(s)

• CCI-000186 - The information system, for PKI-based authentication, enforces authorized access to the corresponding private key.

Weight

10

Fix Recommendation

Configure the site-to-site VPN that uses certificate-based device authentication to use a FIPS-compliant key management process.

Check Contents

If PKI-based authentication is not being used for device authentication, this is not applicable.

Verify the site-to-site VPN that uses certificate-based device authentication uses a FIPS-compliant key management process.

If the site-to-site VPN that uses certificate-based device authentication does not use a FIPS-compliant key management process, this is a finding.

Vulnerability Number

V-207215

Documentable

False

Rule Version

SRG-NET-000165-VPN-000570

Severity Override Guidance

If PKI-based authentication is not being used for device authentication, this is not applicable.

Verify the site-to-site VPN that uses certificate-based device authentication uses a FIPS-compliant key management process.

If the site-to-site VPN that uses certificate-based device authentication does not use a FIPS-compliant key management process, this is a finding.

Check Content Reference

M

Target Key

2920

Comments