UCF STIG Viewer Logo

EBVC-1 VPN Controls


All VPN traffic is visible to network intrusion detection systems (IDS).

MAC / CONF Impact Subject Area
Medium Enclave Boundary Defense


The use of VPN creates an environment where network traffic travels in and out of physical network boundaries.  Albeit relatively secure, allowing VPN connections introduces a point of entry into a network.  This tunnel into a system creates the potential for unauthorized and unwanted traffic entering or leaving the core network.  Ensuring all VPN traffic is visible to network IDS enables components to monitor this connection for anomalies.

1. Components shall ensure network intrusion detection systems (IDS) are positioned to monitor all VPN Traffic.
2. Refer to DoD or other applicable guidance for proper connection requirements and procedures.


  • CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
  • DISA Network Infrastructure STIG, Version 6 Draft, 29 October 2004
  • DISA Secure Remote Computing STIG, Version 1, Release 1, 14 February 2003
  • DISA Enclave Security STIG, Version 2, Release 1, 01 July 2004