The mobile operating system must encrypt all data in transit using AES encryption when communicating with DoD information resources (128-bit key length is the minimum requirement; 256-bit desired).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32704 | WIR-MOS-iOS-65-06 | SV-43050r1_rule | DCNR-1 | Medium |
| Description |
|---|
| If data traffic is sent unencrypted, an adversary may be able to read it to obtain sensitive information. AES encryption with 128-bit (or longer) keys mitigates the risk of unauthorized eavesdropping. This requirement applies to both VPN connections and DoD messaging connections (email and authorized instant messaging applications). |
| STIG | Date |
|---|---|
| Apple iOS 5 Security Technical Implementation Guide (STIG) | 2012-07-20 |
Details
| Check Text ( C-41067r1_chk ) |
|---|
| Review the operating system documentation and configuration (and possibly application configuration) to determine if the system uses AES encryption with at least 128-bit keys. If it does not use AES encryption with the required key length, this is a finding. |
| Fix Text (F-36602r1_fix) |
|---|
| Configure the VPN client, email client, and other applications that communicate with DoD information resources to use AES encryption with 128-bit (or longer) keys. |