CASA-VN-000020 - The Cisco ASA must be configured to generate log records containing information to establish when the events occurred.
CASA-VN-000120 - The Cisco ASA must be configured to validate certificates via a trustpoint that identifies a DoD or DoD-approved certificate authority.
CASA-VN-000130 - The Cisco ASA must be configured to not accept certificates that have been revoked when using PKI for authentication.
CASA-VN-000170 - The Cisco ASA must be configured to use NIST FIPS-validated cryptography for Internet Key Exchange (IKE) Phase 1.
CASA-VN-000200 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to implement IPsec encryption services.
CASA-VN-000210 - The Cisco ASA must be configured to use a Diffie-Hellman (DH) Group of 14 or greater for Internet Key Exchange (IKE) Phase 1.
CASA-VN-000230 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 1.
CASA-VN-000350 - The Cisco ASA VPN gateway must be configured to renegotiate the IPsec Security Association after eight hours or less.
CASA-VN-000360 - The Cisco ASA VPN gateway must be configured to renegotiate the IKE security association after 24 hours or less.
CASA-VN-000390 - The Cisco ASA remote access VPN server must be configured to use a separate authentication server than that used for administrative access.
CASA-VN-000410 - The Cisco ASA remote access VPN server must be configured to identify and authenticate users before granting access to the network.
CASA-VN-000440 - The Cisco ASA remote access VPN server must be configured to enforce certificate-based authentication before granting access to the network.
CASA-VN-000460 - The Cisco ASA remote access VPN server must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the network.
CASA-VN-000550 - The Cisco ASA remote access VPN server must be configured to use TLS 1.2 or higher to protect the confidentiality of remote access connections.
CASA-VN-000610 - The Cisco ASA remote access VPN server must be configured to generate unique session identifiers using a FIPS-validated Random Number Generator (RNG) based on the Deterministic Random Bit Generators (DRBG) algorithm.
CASA-VN-000640 - The Cisco VPN remote access server must be configured to use AES encryption for the Internet Key Exchange (IKE) Phase 1 to protect confidentiality of remote access sessions.
CASA-VN-000650 - The Cisco ASA VPN remote access server must be configured to use Advanced Encryption Standard (AES) encryption for the IPsec security association to protect the confidentiality of remote access sessions.
CASA-VN-000660 - The Cisco VPN remote access server must be configured to accept Common Access Card (CAC) credential credentials.
CASA-VN-000700 - The Cisco ASA VPN remote access server must be configured to disable split-tunneling for remote clients.
CASA-VN-000720 - The Cisco ASA VPN remote access server must be configured to generate log records when successful and/or unsuccessful VPN connection attempts occur.
Miscellaneous
Metadata updated.
Platform check updated.
See also link updated.
Added
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred - svc
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred - vpn
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred - vpnc
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred - vpnfo
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred - webfo
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred - webvpn
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - logging permit-hostdown
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable - logging queue
CASA-VN-000090 - The Cisco ASA must be configured to generate an alert that can be forwarded as an alert to organization-defined personnel and/or firewall administrator of all log failure events - logging host
CASA-VN-000090 - The Cisco ASA must be configured to generate an alert that can be forwarded as an alert to organization-defined personnel and/or firewall administrator of all log failure events - logging trap
CASA-VN-000150 - The Cisco ASA must be configured to use Internet Key Exchange (IKE) for all IPsec security associations - IPsec Phase
CASA-VN-000150 - The Cisco ASA must be configured to use Internet Key Exchange (IKE) for all IPsec security associations - Interface
CASA-VN-000150 - The Cisco ASA must be configured to use Internet Key Exchange (IKE) for all IPsec security associations - Policy
CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations - IPsec Phase
CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations - Interface
CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations - Policy
CASA-VN-000180 - The Cisco ASA must be configured to specify Perfect Forward Secrecy (PFS) for the IPsec Security Association (SA) during IKE Phase 2 negotiation - ikev2
CASA-VN-000180 - The Cisco ASA must be configured to specify Perfect Forward Secrecy (PFS) for the IPsec Security Association (SA) during IKE Phase 2 negotiation - peer
CASA-VN-000180 - The Cisco ASA must be configured to specify Perfect Forward Secrecy (PFS) for the IPsec Security Association (SA) during IKE Phase 2 negotiation - pfs
CASA-VN-000190 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to generate cryptographic hashes - IKE Phase 1
CASA-VN-000190 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to generate cryptographic hashes - IPsec SA
CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2 - IKE Phase 2
CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2 - proposal
CASA-VN-000300 - The Cisco ASA VPN gateway must be configured to restrict what traffic is transported via the IPsec tunnel according to flow control policies - ACL
CASA-VN-000300 - The Cisco ASA VPN gateway must be configured to restrict what traffic is transported via the IPsec tunnel according to flow control policies - crypto map
CASA-VN-000310 - The Cisco ASA VPN gateway must be configured to identify all peers before establishing a connection - ipsec-121
CASA-VN-000310 - The Cisco ASA VPN gateway must be configured to identify all peers before establishing a connection - local-authentication
CASA-VN-000310 - The Cisco ASA VPN gateway must be configured to identify all peers before establishing a connection - remote-authentication
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - crypto map
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - encryption
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - group
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - integrity
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - ipsec-proposal
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network - prf
CASA-VN-000400 - The Cisco ASA remote access VPN server must be configured to use LDAP over SSL to determine authorization for granting access to the network - authorization-required
CASA-VN-000400 - The Cisco ASA remote access VPN server must be configured to use LDAP over SSL to determine authorization for granting access to the network - authorization-server-group
CASA-VN-000400 - The Cisco ASA remote access VPN server must be configured to use LDAP over SSL to determine authorization for granting access to the network - ldap
CASA-VN-000400 - The Cisco ASA remote access VPN server must be configured to use LDAP over SSL to determine authorization for granting access to the network - ldap-over-ssl
CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network - authorization-required
CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network - authorization-server-group
CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network - username-from-certificate
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event - svc
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event - vpn
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event - vpnc
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event - vpnfo
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event - webfo
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event - webvpn
CASA-VN-000510 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish where the events occurred - svc
CASA-VN-000510 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish where the events occurred - vpn
CASA-VN-000510 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish where the events occurred - vpnc
CASA-VN-000510 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish where the events occurred - vpnfo
CASA-VN-000510 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish where the events occurred - webfo
CASA-VN-000510 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish where the events occurred - webvpn
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events - svc
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events - vpn
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events - vpnc
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events - vpnfo
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events - webfo
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events - webvpn
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events - svc
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events - vpn
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events - vpnc
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events - vpnfo
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events - webfo
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events - webvpn
CASA-VN-000560 - The Cisco ASA remote access VPN server must be configured to use a FIPS-validated algorithm and hash function to protect the integrity of TLS remote access sessions - ssl cipher
CASA-VN-000560 - The Cisco ASA remote access VPN server must be configured to use a FIPS-validated algorithm and hash function to protect the integrity of TLS remote access sessions - ssl version
CASA-VN-000630 - The Cisco ASA remote access VPN server must be configured to use SHA-2 or greater for hashing to protect the integrity of IPsec remote access sessions - IKE Phase 1
CASA-VN-000630 - The Cisco ASA remote access VPN server must be configured to use SHA-2 or greater for hashing to protect the integrity of IPsec remote access sessions - IPsec SA
CASA-VN-000730 - The Cisco ASA VPN remote access server must be configured to validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation - ipsec-client
CASA-VN-000730 - The Cisco ASA VPN remote access server must be configured to validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation - ssl-client
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - crypto map
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - encryption
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - group
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - integrity
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - ipsec-proposal
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network - prf
DISA_STIG_Cisco_ASA_VPN_v1r1.audit from DISA Cisco ASA VPN v1r1 STIG
Removed
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred. - svc
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred. - vpn
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred. - vpnc
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred. - vpnfo
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred. - webfo
CASA-VN-000010 - The Cisco ASA must be configured to generate log records containing information to establish what type of VPN events occurred. - webvpn
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable. - logging permit-hostdown
CASA-VN-000080 - The Cisco ASA must be configured to queue log records locally in the event that the central audit server is down or not reachable. - logging queue
CASA-VN-000090 - The Cisco ASA must be configured to generate an alert that can be forwarded as an alert to organization-defined personnel and/or firewall administrator of all log failure events. - logging host
CASA-VN-000090 - The Cisco ASA must be configured to generate an alert that can be forwarded as an alert to organization-defined personnel and/or firewall administrator of all log failure events. - logging trap
CASA-VN-000150 - The Cisco ASA must be configured to use Internet Key Exchange (IKE) for all IPsec security associations. - IPsec Phase
CASA-VN-000150 - The Cisco ASA must be configured to use Internet Key Exchange (IKE) for all IPsec security associations. - Interface
CASA-VN-000150 - The Cisco ASA must be configured to use Internet Key Exchange (IKE) for all IPsec security associations. - Policy
CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations. - IPsec Phase
CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations. - Interface
CASA-VN-000160 - The Cisco ASA must be configured to use Internet Key Exchange v2 (IKEv2) for all IPsec security associations. - Policy
CASA-VN-000180 - The Cisco ASA must be configured to specify Perfect Forward Secrecy (PFS) for the IPsec Security Association (SA) during IKE Phase 2 negotiation. - ikev2
CASA-VN-000180 - The Cisco ASA must be configured to specify Perfect Forward Secrecy (PFS) for the IPsec Security Association (SA) during IKE Phase 2 negotiation. - peer
CASA-VN-000180 - The Cisco ASA must be configured to specify Perfect Forward Secrecy (PFS) for the IPsec Security Association (SA) during IKE Phase 2 negotiation. - pfs
CASA-VN-000190 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to generate cryptographic hashes. - IKE Phase 1
CASA-VN-000190 - The Cisco ASA must be configured to use a FIPS-validated cryptographic module to generate cryptographic hashes. - IPsec SA
CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2. - IKE Phase 2
CASA-VN-000240 - The Cisco ASA must be configured to use FIPS-validated SHA-2 or higher for Internet Key Exchange (IKE) Phase 2. - proposal
CASA-VN-000300 - The Cisco ASA VPN gateway must be configured to restrict what traffic is transported via the IPsec tunnel according to flow control policies. - ACL
CASA-VN-000300 - The Cisco ASA VPN gateway must be configured to restrict what traffic is transported via the IPsec tunnel according to flow control policies. - crypto map
CASA-VN-000310 - The Cisco ASA VPN gateway must be configured to identify all peers before establishing a connection. - ipsec-121
CASA-VN-000310 - The Cisco ASA VPN gateway must be configured to identify all peers before establishing a connection. - local-authentication
CASA-VN-000310 - The Cisco ASA VPN gateway must be configured to identify all peers before establishing a connection. - remote-authentication
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network. - crypto map
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network. - encryption
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network. - group
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network. - integrity
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network. - ipsec-proposal
CASA-VN-000340 - The Cisco ASA VPN gateway must use cryptographic algorithms approved by NSA to protect NSS when transporting classified traffic across an unclassified network. - prf
CASA-VN-000400 - The Cisco ASA remote access VPN server must be configured to use LDAP over SSL to determine authorization for granting access to the network. - authorization-required
CASA-VN-000400 - The Cisco ASA remote access VPN server must be configured to use LDAP over SSL to determine authorization for granting access to the network. - authorization-server-group
CASA-VN-000400 - The Cisco ASA remote access VPN server must be configured to use LDAP over SSL to determine authorization for granting access to the network. - ldap
CASA-VN-000400 - The Cisco ASA remote access VPN server must be configured to use LDAP over SSL to determine authorization for granting access to the network. - ldap-over-ssl
CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network. - authorization-required
CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network. - authorization-server-group
CASA-VN-000450 - The Cisco ASA remote access VPN server must be configured to map the distinguished name (DN) from the client's certificate to entries in the authentication server to determine authorization to access the network. - username-from-certificate
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event. - svc
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event. - vpn
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event. - vpnc
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event. - vpnfo
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event. - webfo
CASA-VN-000500 - The Cisco ASA remote access VPN server must be configured to generate log records containing information that establishes the identity of any individual or process associated with the event. - webvpn
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events. - svc
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events. - vpn
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events. - vpnc
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events. - vpnfo
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events. - webfo
CASA-VN-000520 - The Cisco ASA remote access VPN server must be configured to generate log records containing information to establish the source of the events. - webvpn
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events. - svc
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events. - vpn
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events. - vpnc
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events. - vpnfo
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events. - webfo
CASA-VN-000530 - The Cisco ASA remote access VPN server must be configured to produce log records containing information to establish the outcome of the events. - webvpn
CASA-VN-000560 - The Cisco ASA remote access VPN server must be configured to use a FIPS-validated algorithm and hash function to protect the integrity of TLS remote access sessions. - ssl cipher
CASA-VN-000560 - The Cisco ASA remote access VPN server must be configured to use a FIPS-validated algorithm and hash function to protect the integrity of TLS remote access sessions. - ssl version
CASA-VN-000630 - The Cisco ASA remote access VPN server must be configured to use SHA-2 or greater for hashing to protect the integrity of IPsec remote access sessions. - IKE Phase 1
CASA-VN-000630 - The Cisco ASA remote access VPN server must be configured to use SHA-2 or greater for hashing to protect the integrity of IPsec remote access sessions. - IPsec SA
CASA-VN-000730 - The Cisco ASA VPN remote access server must be configured to validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation. - ipsec-client
CASA-VN-000730 - The Cisco ASA VPN remote access server must be configured to validate certificates used for Transport Layer Security (TLS) functions by performing RFC 5280-compliant certification path validation. - ssl-client
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network. - crypto map
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network. - encryption
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network. - group
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network. - integrity
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network. - ipsec-proposal
CASA-VN-000760 - The Cisco ASA VPN remote access server must be configured to use an approved High Assurance Commercial Solution for Classified (CSfC) cryptographic algorithm for remote access to a classified network. - prf
DISA_STIG_Cisco_ASA_VPN_v1r1.audit from DISA Cisco ASA v1r1 STIG