Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
All wireless PDA client VPNs must timeout an inactive session after a set period of inactivity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32696 | WIR-MOS-iOS-034-05 | SV-43042r1_rule | ECWN-1 | Medium |
| Description |
|---|
| The data on a DoD iOS device most likely contains sensitive DoD information, therefore, when device data is backed up to a local, approved laptop, the data should be encrypted to prevent compromise of data. |
| STIG | Date |
|---|---|
| Apple iOS 5 Security Technical Implementation Guide (STIG) | 2012-07-20 |
Details
| Check Text ( C-41058r3_chk ) |
|---|
| This check is not applicable if the installed VPN client is not used for remote access to DoD networks. Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Review VPN client specification sheets. Verify the VPN client is configured to timeout an inactive session after a set period of inactivity. The check procedures will vary depending on the VPN client used. Mark as a finding if the VPN client is not configured to timeout after 4 hours. |
| Fix Text (F-36594r3_fix) |
|---|
| Configure the VPN client to timeout a session after 4 hours of inactivity. |