The VPN Gateway must generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-207226 | SRG-NET-000234-VPN-000810 | SV-207226r803431_rule | CCI-001188 | medium |
| Description | ||||
| Both IPsec and TLS gateways use the RNG to strengthen the security of the protocols. Using a weak RNG will weaken the protocol and make it more vulnerable. | ||||
| STIG | Date | |||
| Virtual Private Network (VPN) Security Requirements Guide | 2024-12-19 | |||
Details
Check Text (C-207226r803431_chk)
Verify the VPN Gateway generates unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.
If the VPN Gateway does not generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm, this is a finding.
Fix Text (F-7486r378300_fix)
Configure the VPN Gateway to generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.