
Ensure that prior to purchasing a TLS VPN, the system has the capability to require RSA key establishment.


Overview

Finding ID: V-19381
Version: SRC-VPN-050
Rule ID: SV-21298r1_rule
IA Controls: (none listed)
Severity: Low
Description
NOTE: TLS 1.0 and later use the ephemeral Diffie-Hellman key establishment method, but this does not meet the requirements of NIST SP 800-56A. NIST has granted a waiver from this requirement for systems using SSL until the end of 2010, and this may be extended indefinitely. However, the current requirement for SSL key establishment, now and beyond 2010, is the RSA method.
STIG: Remote Access Policy STIG
Date: 2016-03-28

Details

Check Text (C-23373r1_chk)
Ask the site representative for documentation or verify by inspecting the TLS configuration application.

NOTE: The systems may use the NIST-preferred method of ephemeral Diffie-Hellman, but new systems will have the capability to use RSA.
Fix Text (F-19953r1_fix)
Ensure newly purchased systems have the capability to perform RSA key establishment.