Our PCI scan vendor has recently begun flagging the outside interfaces of all of our firewalls that have AnyConnect enabled on them. Does anyone know if there is a way to enable HSTS on AnyConnect / WebVPN or the outside interface?
Show me anywhere in the PCI standard that requires this. You won't be able to. You don't require this to be PCI compliant.
Here is the US Government's FIPS140-2 certificate for AnyConnect.
Being certified to FIPS140-2 security standards for cryptography - I think more than trumps your scan saying it is insecure.
AnyConnect will only run over an encrypted channel - by design. That is the whole point of it.
You don't have anything to worry about in this regard.