All mobile device VPN clients used for remote access to DoD networks must support AES encryption.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-19897	WIR-MOS-iOS-034-02	SV-36449r2_rule	ECWN-1	Medium

Description
DoD data could be compromised if transmitted data is not secured with a compliant VPN.

STIG	Date
Apple iOS6 Security Technical Implementation Guide	2014-10-07

Details

Check Text ( C-35553r3_chk )
This check is not applicable if the installed VPN client is not used for remote access to DoD networks. Note: Use of a VPN to access DoD email on a mobile device is not required. Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Review VPN client specification sheets and the configuration of the VPN client. Verify the VPN client supports AES encryption. Verify the VPN client is configured to required AES. Mark as a finding if the VPN does not support AES or is not configured to require AES.

Check Text ( C-35553r3_chk )

This check is not applicable if the installed VPN client is not used for remote access to DoD networks. Note: Use of a VPN to access DoD email on a mobile device is not required.

Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Review VPN client specification sheets and the configuration of the VPN client. Verify the VPN client supports AES encryption. Verify the VPN client is configured to required AES. Mark as a finding if the VPN does not support AES or is not configured to require AES.

Fix Text (F-37263r1_fix)
Install an AES Encrypted VPN client.