UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The VPN Gateway must notify the user, upon successful logon (access), of the organization-defined information to be included in addition to the date and time of the last logon (access).


Overview

Finding ID Version Rule ID IA Controls Severity
V-207232 SRG-NET-000330-VPN-001220 SV-207232r608988_rule Low
Description
Users need to be aware of activity that occurs regarding their account. Providing users with information deemed important by the organization may aid in the discovery of unauthorized access or thwart a potential attacker. Organizations should consider the risks to the specific information system being accessed and the threats presented by the device to the environment when configuring this option. An excessive or unnecessary amount of information presented to the user at logon is not recommended. This requirement applies to VPN gateways that have the concept of a user account and have the login function residing on the VPN gateway.
STIG Date
Virtual Private Network (VPN) Security Requirements Guide 2020-12-09

Details

Check Text ( C-7492r378317_chk )
Verity the VPN Gateway notifies the user, upon successful logon (access), of the organization-defined information to be included in addition to the date and time of the last logon (access).

If the VPN Gateway does not notify the user, upon successful logon (access), of the organization-defined information to be included in addition to the date and time of the last logon (access), this is a finding.
Fix Text (F-7492r378318_fix)
Configure the VPN Gateway to notify the user, upon successful logon (access), of the organization-defined information to be included in addition to the date and time of the last logon (access).