Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The VPN client on mobile devices used for remote access to DoD networks must be FIPS 140-2 validated.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-18627 | WIR-MOS-iOS-034-01 | SV-40265r2_rule | ECWN-1 | Medium |
| Description |
|---|
| DoD data could be compromised if transmitted data is not secured with a compliant VPN. FIPS validation provides a level of assurance that the encryption of the device has been securely implemented. |
| STIG | Date |
|---|---|
| Apple iOS 6 Interim Security Configuration Guide (ISCG) | 2013-01-17 |
Details
| Check Text ( C-39120r4_chk ) |
|---|
| This check is not applicable if the installed VPN client is not used for remote access to DoD networks. Note: Use of a VPN to access DoD email on a mobile device is not required. Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Review VPN client specification sheets and FIPS 140-2 certificate. Verify the VPN client is FIPS 140-2 validated. Check the NIST certificate for the mobile OS or VPN client. Mark as a finding if the VPN is not FIPS 140-2 validated. |
| Fix Text (F-37266r1_fix) |
|---|
| Install a FIPS 140-2 validated VPN client. |