CASA-VN-000610 - The Cisco ASA remote access VPN server must be configured to generate unique session identifiers using a FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.

Information

Both IPsec and TLS gateways use the RNG to strengthen the security of the protocols. Using a weak RNG will weaken the protocol and make it more vulnerable.

Use of a FIPS validated RNG that is not DRGB mitigates to a CAT III.

Solution

Configure the ASA to have FIPS-mode enabled as shown in the example below.

ASA1(config)# fips enable
ASA1(config)# end

Note: FIPS mode change will not take effect until the configuration is saved and the device rebooted.

Item Details

Audit Name: DISA STIG Cisco ASA VPN v1r2

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Plugin: Cisco

Control ID: e729d67decc9343e85566b8dfa234d21c6c1172c8ea868ade4ba7408df70bfba

Detections

Analytics

CASA-VN-000610 - The Cisco ASA remote access VPN server must be configured to generate unique session identifiers using a FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.

Information

Solution

See Also

Item Details