04-13-2020 05:20 AM
Hello,
I'm trying to complete the newly published VPN Gateway STIG on a freshly deployed remote access VPN deployment - most items can be closed via specific references to actual system settings... A few of the remaining items are more system build as I read them and I require some direction to provide the correct setting/wording please.
1) The VPN Gateway must generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.
2) Verify the VPN Gateway is configured to fail to a secure state if system initialization fails, shutdown fails, or aborts fail
3) Verify the VPN Gateway invalidates session identifiers upon user logoff or other session termination.
4) Verify the VPN Gateway recognizes only system-generated session identifiers.
I have been unable to find specific documentation relative to the ASA 5516 headend device or the AnyConnect client software providing information on the above - any help or direction to documentation is appreciated.
Best,
-Bill
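Items 1, 3 and 4 all describe properties of a session-identifier mechanism rather than a single device setting, so it helps to see what an assessor is checking for in working code. The following Python example is added here for illustration and is not Cisco code or anything from the ASA/AnyConnect documentation: a small session store that (1) issues identifiers from a cryptographically secure RNG and guarantees uniqueness, (3) invalidates an identifier on logoff so later use fails, and (4) recognizes only identifiers it issued itself, rejecting any value a client invents. The `SessionStore` class and `secrets.token_hex()` choice are my assumptions; whether the underlying OS RNG is FIPS-validated and DRBG-based is a property of the host platform, which is exactly the evidence item 1 asks you to produce for the real gateway.

```python
import secrets


class SessionStore:
    """Toy session-identifier manager illustrating STIG items 1, 3 and 4.

    Assumption (not from the thread): identifiers are 32 random bytes from
    secrets.token_hex(), which draws on the OS CSPRNG. Whether that RNG is a
    FIPS-validated DRBG depends on the platform the code runs on.
    """

    ID_BYTES = 32  # 256 bits of entropy -> 64 hex characters

    def __init__(self):
        # Only identifiers stored here are ever recognized.
        self._active = {}  # session_id -> username

    def create(self, username):
        # Item 1: system-generated, unpredictable and unique identifiers.
        # A collision at 256 bits is practically impossible, but the loop
        # makes the uniqueness guarantee explicit rather than probabilistic.
        while True:
            sid = secrets.token_hex(self.ID_BYTES)
            if sid not in self._active:
                break
        self._active[sid] = username
        return sid

    def lookup(self, sid):
        # Item 4: recognize only identifiers this store issued. A value the
        # client made up (or one that was already invalidated) returns None.
        return self._active.get(sid)

    def logoff(self, sid):
        # Item 3: invalidate on logoff/termination. Returns True if the
        # identifier was live and is now gone, False if it was not recognized.
        return self._active.pop(sid, None) is not None


def demo():
    """Walk through the three controls with constructed input; returns True."""
    store = SessionStore()
    sid = store.create("alice")
    ok = store.lookup(sid) == "alice"

    # Item 4: a client-chosen identifier of the right shape is still rejected.
    forged = "a" * (SessionStore.ID_BYTES * 2)
    ok = ok and store.lookup(forged) is None

    # Item 3: after logoff the identifier is dead, and a second logoff fails.
    ok = ok and store.logoff(sid)
    ok = ok and store.lookup(sid) is None
    ok = ok and not store.logoff(sid)

    # Item 1: many identifiers, all distinct and all full length.
    ids = {store.create("bob") for _ in range(1000)}
    ok = ok and len(ids) == 1000
    ok = ok and all(len(i) == SessionStore.ID_BYTES * 2 for i in ids)
    return ok


if __name__ == "__main__":
    print("all session-identifier checks passed:", demo())
```

For the real appliance the artifact is the same three observations, gathered from the device instead of this store: the RNG/DRBG the firmware uses for session tokens, a session shown as gone after logoff (the monitor-session approach suggested later in this thread), and a rejected attempt to present an identifier the gateway never issued.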
06-02-2020 10:38 AM
Hello Bill, did you ever get any input from your post? I am also looking for the same input for an RMF evaluation we are currently going through.
thanks
greg
08-18-2020 07:01 AM
Bill,
3.) You can artifact the monitor session of a user logoff.
4.) I just used a monitor session for this one as well for some user VPN connections and Admin management sessions.
I'm in the same boat as you though for 1 & 2. I think I will open a TAC Case for them.
Jay Knight
12-13-2020 10:49 AM
Did you ever figure out 1 and 2?
12-14-2020 06:18 AM
12-14-2020 07:13 AM
awesome sauce. thanks everyone!!! have a safe holiday!!
greg