UCF STIG Viewer Logo

The VPN Gateway must be configured to use IPsec with SHA-2 or greater for hashing to protect the integrity of remote access sessions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-207192 SRG-NET-000063-VPN-000220 SV-207192r803421_rule Medium
Description
Without strong cryptographic integrity protections, information can be altered by unauthorized users without detection. SHA-1 is considered a compromised hashing standard and is being phased out of use by industry and Government standards. DoD systems must not be configured to use SHA-1 for integrity of remote access sessions. The remote access VPN provides access to DoD non-public information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network.
STIG Date
Virtual Private Network (VPN) Security Requirements Guide 2021-09-27

Details

Check Text ( C-7452r803419_chk )
Verify the VPN Gateway uses IPsec with SHA-2 or greater for hashing to protect the integrity of remote access sessions.

If the VPN Gateway does not use IPsec with SHA-2 or greater for hashing to protect the integrity of remote access sessions, this is a finding.
Fix Text (F-7452r803420_fix)
Configure the VPN Gateway to use IPsec with SHA-2 or greater for hashing to protect the integrity of remote access sessions.