The VPN Gateway must notify the user, upon successful logon (access), of the organization-defined information to be included in addition to the date and time of the last logon (access).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-207232 | SRG-NET-000330-VPN-001220 | SV-207232r608988_rule | Low |
| Description |
|---|
| Users need to be aware of activity that occurs regarding their account. Providing users with information deemed important by the organization may aid in the discovery of unauthorized access or thwart a potential attacker. Organizations should consider the risks to the specific information system being accessed and the threats presented by the device to the environment when configuring this option. An excessive or unnecessary amount of information presented to the user at logon is not recommended. This requirement applies to VPN gateways that have the concept of a user account and have the login function residing on the VPN gateway. |
| STIG | Date |
|---|---|
| Virtual Private Network (VPN) Security Requirements Guide | 2021-09-27 |
Details
| Check Text ( C-7492r378317_chk ) |
|---|
| Verity the VPN Gateway notifies the user, upon successful logon (access), of the organization-defined information to be included in addition to the date and time of the last logon (access). If the VPN Gateway does not notify the user, upon successful logon (access), of the organization-defined information to be included in addition to the date and time of the last logon (access), this is a finding. |
| Fix Text (F-7492r378318_fix) |
|---|
| Configure the VPN Gateway to notify the user, upon successful logon (access), of the organization-defined information to be included in addition to the date and time of the last logon (access). |