Navigate

Check: SRG-NET-000341-VPN-001350

Virtual Private Network (VPN) SRG: SRG-NET-000341-VPN-001350 (in versions v3 r3 through v2 r1)

Title

The VPN Gateway must accept the Common Access Card (CAC) credential. (Cat II impact)

Discussion

The use of Personal Identity Verification (PIV) credentials facilitates standardization and reduces the risk of unauthorized access. DoD has mandated the use of the CAC as the PIV credential to support identity management and personal authentication for systems covered under HSPD 12, as well as a primary component of layered protection for national security systems.

Check Content

Verify the VPN Gateway accepts PIV credentials. If the VPN Gateway does not accept the CAC credential, this is a finding.

Fix Text

Configure the VPN Gateway to accept the CAC credential.

Additional Identifiers

Rule ID: SV-207239r856712_rule

Vulnerability ID: V-207239

Group Title: SRG-NET-000341

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001953	Accept Personal Identity Verification-compliant credentials.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-2(12)	Acceptance of PIV Credentials