STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Virtual Private Network (VPN) Security Requirements Guide

V-264335

CAT II (Medium)

The TLS VPN must be configured to limit authenticated client sessions to initial session source IP.

Rule ID

SV-264335r1138025_rule

STIG

Virtual Private Network (VPN) Security Requirements Guide

Version

V3R4

CCIs

CCI-001414

Discussion

Limiting authenticated client sessions to the initial session source IP for TLS VPNs is a safeguard against session hijacking, replay, and man-in-the-middle attacks, maintaining integrity and confidentiality of communication between clients and servers. This requirement also applies to Zero Trust initiatives.

Check Content

Verify the TLS VPN Gateway limits authenticated client sessions to initial session source IP.

If the TLS VPN Gateway does not limit authenticated client sessions to initial session source IP, this is a finding.

Fix Text

Configure the TLS VPN Gateway to limit authenticated client sessions to initial session source IP.