STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Virtual Private Network (VPN) Security Requirements Guide

V-279023

CAT II (Medium)

The VPN Gateway, when transferring information between different security domains, must apply the same security policy filtering to metadata as it applies to data payloads.

Rule ID

SV-279023r1138056_rule

STIG

Virtual Private Network (VPN) Security Requirements Guide

Version

V3R4

CCIs

CCI-002211CCI-000366

Discussion

Subjecting metadata to the same filtering and inspection policies as payload data avoids the potential for data compromise through covert channels and the bypass of security policy filtering. This requirement applies to VPN Gateways that transfer information between different security domains (e.g., cross-domain solutions). This requirement also applies to Zero Trust initiatives.

Check Content

Determine if the VPN Gateway, when transferring information between different security domains, applies the same security policy filtering to metadata as it applies to data payloads.   

If the VPN Gateway does not apply the same security policy filtering to metadata as it applies to data payloads, when transferring information between different security domains, this is a finding.

Fix Text

Configure the VPN Gateway to apply the same security policy filtering to metadata as it applies to data payloads, when transferring information between different security domains.