The VPN Gateway must generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-207226	SRG-NET-000234-VPN-000810	SV-207226r803431_rule		Medium

Description

Both IPsec and TLS gateways use the RNG to strengthen the security of the protocols. Using a weak RNG will weaken the protocol and make it more vulnerable.

STIG	Date
Virtual Private Network (VPN) Security Requirements Guide	2024-12-19

Details

Check Text (C-7486r378299_chk)

Verify the VPN Gateway generates unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.

If the VPN Gateway does not generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm, this is a finding.

Fix Text (F-7486r378300_fix)

Configure the VPN Gateway to generate unique session identifiers using FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.