The VPN Gateway must use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-207261 | SRG-NET-000565-VPN-002390 | SV-207261r608988_rule | High |
| Description |
|---|
| Use of improperly configured or lower assurance equipment and solutions could compromise high-value information. The National Security Agency/Central Security Service's (NSA/CSS) CSfC Program enables commercial products to be used in layered solutions to protect classified National Security Systems (NSS) data. Currently, Suite B cryptographic algorithms are specified by the National Institute of Standards and Technology (NIST) and are used by NSA's Information Assurance Directorate in solutions approved for protecting classified and unclassified NSS. However, quantum resistant algorithms will be required for future Suite B implementations. |
| STIG | Date |
|---|---|
| Virtual Private Network (VPN) Security Requirements Guide | 2021-03-25 |
Details
| Check Text ( C-7521r378404_chk ) |
|---|
| Verify the VPN Gateway uses an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network. If the VPN Gateway does not use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network, this is a finding. |
| Fix Text (F-7521r378405_fix) |
|---|
| Configure the VPN Gateway to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network. |