The VPN Gateway must generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-207226 | SRG-NET-000234-VPN-000810 | SV-207226r803431_rule | CCI-001188 | medium |
| Description | ||||
| Both IPsec and TLS gateways use the RNG to strengthen the security of the protocols. Using a weak RNG will weaken the protocol and make it more vulnerable. | ||||
| STIG | Date | |||
| Virtual Private Network (VPN) Security Requirements Guide | 2024-12-19 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
SC-23(3)
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-001188
1.00
- DISA · 3 · disa_xccdf · related
Details
Check Text (C-207226r803431_chk)
Verify the VPN Gateway generates unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.
If the VPN Gateway does not generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm, this is a finding.
Fix Text (F-7486r378300_fix)
Configure the VPN Gateway to generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.