|Finding ID||Version||Rule ID||IA Controls||Severity|
|DoD data could be compromised if transmitted data is not secured with a compliant VPN. FIPS validation provides a level of assurance that the encryption of the device has been securely implemented.|
|Apple iOS 5 Security Technical Implementation Guide (STIG)||2012-07-20|
|Check Text ( C-39120r2_chk )|
| This check is not applicable if the installed VPN client is not used for remote access to DoD networks. |
Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Review VPN client specification sheets and FIPS 140-2 certificate. Verify the VPN client is FIPS 140-2 validated. Check the NIST certificate for the mobile OS or VPN client. Mark as a finding if the VPN is not FIPS 140-2 validated.
|Fix Text (F-37266r1_fix)|
|Install a FIPS 140-2 validated VPN client.|