Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Ensure that prior to purchasing a TLS VPN, the system has the capability to require RSA key establishment.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19381 | SRC-VPN-050 | SV-21298r1_rule | ECSC-1 | Low |
| Description |
|---|
| NOTE: TLS 1.0 and later uses the ephemeral Diffie-Hellman key establishment method, but this does not meet the requirements of NIST SP 800-56A. NIST has granted a waiver from this requirement for systems using SSL until the end of 2010 and this may be extended indefinitely. However, the current requirement for SSL key establishment now and beyond 2010 is the RSA method. |
| STIG | Date |
|---|---|
| Remote Access Policy STIG | 2015-09-16 |
Details
| Check Text ( C-23373r1_chk ) |
|---|
| Ask the site representative for documentation or verify by inspecting the TLS configuration application. NOTE: The systems may use the NIST-preferred method of ephemeral Diffie-Helman, but new systems will have the capability to use RSA. |
| Fix Text (F-19953r1_fix) |
|---|
| Ensure newly purchased systems have the capability to perform RSA key establishment. |