
All wireless PDA client VPN authentication credential cache timeout must be set to 2 hours or less.


Overview

Finding ID: V-32697
Version: WIR-MOS-iOS-034-06
Rule ID: SV-43043r1_rule
IA Controls: ECWN-1
Severity: Medium
Description
DoD data could be compromised if transmitted data is not secured with a compliant VPN. User authentication credentials (CAC PIN) may be compromised by a hacker if the credential cache is not wiped on a periodic basis.
STIG Date
Apple iOS 5 Security Technical Implementation Guide (STIG) 2012-07-20

Details

Check Text (C-41059r2_chk)
This check is not applicable if the installed VPN client is not used for remote access to DoD networks. Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Review VPN client specification sheets. Verify the VPN client's inactive session timeout has been set to 2 hours or less.

Mark as a finding if the timeout period is not set as required.
Fix Text (F-36595r1_fix)
Configure the VPN client to time out an inactive session after 2 hours or less.