Check: SRG-NET-000234-VPN-000810
Virtual Private Network (VPN) SRG:
SRG-NET-000234-VPN-000810
(in versions v3 r3 through v1 r0.1)
Title
The VPN Gateway must generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm. (Cat II impact)
Discussion
Both IPsec and TLS gateways rely on the RNG to strengthen the security of their protocols. A weak RNG weakens the protocol and makes it more vulnerable.
Check Content
Verify the VPN Gateway generates unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm. If the VPN Gateway does not generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm, this is a finding.
Fix Text
Configure the VPN Gateway to generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.
Additional Identifiers
Rule ID: SV-207226r803431_rule
Vulnerability ID: V-207226
Group Title: SRG-NET-000234
CCIs
Number | Definition |
---|---|
CCI-001188 | Generate a unique session identifier for each session with organization-defined randomness requirements. |
Controls
Number | Title |
---|---|
SC-23(3) | Unique Session Identifiers with Randomization |