STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Ivanti Connect Secure VPN Security Technical Implementation Guide

Version: V2R2
Release Date: Sep 9, 2025
SCAP Benchmark ID: Ivanti_Connect_Secure_VPN_STIG
Total Checks: 15
Tags: other
Severity: CAT I: 2, CAT II: 12, CAT III: 1

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Checks (15)

  • V-258583 (MEDIUM): The ICS must be configured to ensure inbound and outbound traffic is configured with a security policy in compliance with information flow control policies.
  • V-258584 (MEDIUM): The ICS must display the Standard Mandatory DOD Notice and Consent Banner before granting access to users.
  • V-258585 (MEDIUM): The ICS must be configured to limit the number of concurrent sessions for user accounts to one.
  • V-258586 (HIGH): The ICS must be configured to use TLS 1.2, at a minimum.
  • V-258587 (LOW): The ICS must be configured to generate log records containing sufficient information about where, when, identity, source, or outcome of the events.
  • V-258588 (MEDIUM): The ICS must be configured to uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
  • V-258589 (HIGH): The ICS must be configured to use multifactor authentication (e.g., DOD PKI) for network access to nonprivileged accounts.
  • V-258590 (MEDIUM): The ICS, when utilizing PKI-based authentication, must be configured to validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
  • V-258591 (MEDIUM): The ICS must terminate remote access network connections after 10 minutes or less.
  • V-258592 (MEDIUM): The ICS must be configured to send user traffic log data to redundant central log server.
  • V-258593 (MEDIUM): The ICS must be configured to forward all log failure events where the detection and/or prevention function is unable to write events to local log record or send an SNMP trap that can be forwarded to the SCA and ISSO.
  • V-258594 (MEDIUM): The ICS must be configured to authenticate all clients before establishing a connection.
  • V-258595 (MEDIUM): The ICS must be configured to use an approved Commercial Solution for Classified (CSfC) when transporting classified traffic across an unclassified network.
  • V-258596 (MEDIUM): The ICS must be configured to disable split-tunneling for remote client VPNs.
  • V-258597 (MEDIUM): The ICS that provides a Simple Network Management Protocol (SNMP) Network Management System (NMS) must configure SNMPv3 to use FIPS-validated AES cipher block algorithm.