Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18627 | WIR-MOS-AND-034-01 | SV-38990r1_rule | ECWN-1 | Medium |
Description |
---|
DoD data could be compromised if transmitted data is not secured with a compliant VPN. FIPS validation provides a level of assurance that the encryption of the device has been securely implemented. |
STIG | Date |
---|---|
Android 2.2 (Dell) Security Technical Implementation Guide | 2011-11-28 |
Check Text ( C-37949r1_chk ) |
---|
This check is not applicable if the installed VPN client is not used for remote access to DoD networks. Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Review VPN client specification sheets and FIPS 140-2 certificate. Verify the devices have a VPN client installed and is FIPS 140-2 validated. Check the NIST certificate for the mobile OS or VPN client. Mark as a finding if the VPN is not FIPS 140-2 validated. |
Fix Text (F-20573r2_fix) |
---|
Comply with policy requirement. |