UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The TLS VPN must be configured to limit authenticated client sessions to initial session source IP.


Overview

Finding ID Version Rule ID IA Controls Severity
V-264335 SRG-NET-000019-VPN-002435 SV-264335r984341_rule Medium
Description
Limiting authenticated client sessions to the initial session source IP for TLS VPNs is a safeguard against session hijacking, replay, and man-in-the-middle attacks, maintaining integrity and confidentiality of communication between clients and servers.
STIG Date
Virtual Private Network (VPN) Security Requirements Guide 2024-07-02

Details

Check Text ( C-68248r984339_chk )
Verify the TLS VPN Gateway limits authenticated client sessions to initial session source IP.

If the TLS VPN Gateway does not limit authenticated client sessions to initial session source IP, this is a finding.
Fix Text (F-68156r984340_fix)
Configure the TLS VPN Gateway to limit authenticated client sessions to initial session source IP.