
All mobile device VPN clients used for remote access to DoD networks must be configured to require CAC authentication.


Overview

Finding ID: V-19898
Version: WIR-MOS-iOS-034-03
Rule ID: SV-36450r2_rule
IA Controls: ECWN-1
Severity: Medium
Description
DoD data could be compromised if transmitted data is not secured with a compliant VPN.
STIG Date
Apple iOS 6 Security Technical Implementation Guide (STIG) 2013-05-23

Details

Check Text (C-35554r4_chk)
This check is not applicable if the installed VPN client is not used for remote access to DoD networks. Note: Use of a VPN to access DoD email on a mobile device is not required.

Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Review VPN client specification sheets and verify that the VPN client supports CAC authentication. Mark as a finding if the VPN does not support CAC authentication or the client is not configured to require CAC authentication.
Fix Text (F-37265r4_fix)
Install a VPN client that supports CAC authentication and configure the client to require CAC authentication.