All wireless PDA client VPN authentication credential cache timeout must be set to 2 hours or less.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32697 | WIR-MOS-iOS-034-06 | SV-43043r1_rule | ECWN-1 | Medium |
| Description |
|---|
| DoD data could be compromised if transmitted data is not secured with a compliant VPN. User authentication credentials (CAC PIN) may be compromised if a hacker credential cache is not wiped on a periodic basis. |
| STIG | Date |
|---|---|
| Apple iOS 5 Security Technical Implementation Guide (STIG) | 2012-07-20 |
Details
| Check Text ( C-41059r2_chk ) |
|---|
| This check is not applicable if the installed VPN client is not used for remote access to DoD networks. Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Review VPN client specification sheets. Verify the VPN client is inactive session timeout has been set to 2 hours or less. Mark as a finding if the timeout period is not set as required. |
| Fix Text (F-36595r1_fix) |
|---|
| Configure the VPN client to timeout an inactive session of 2 hours or less. |