
The mobile operating system must encrypt all data in transit using AES encryption when communicating with DoD information resources (128-bit key length is the minimum requirement; 256-bit desired).


Overview

Finding ID: V-32704
Version: WIR-MOS-iOS-65-06
Rule ID: SV-43050r1_rule
IA Controls: DCNR-1
Severity: Medium
Description
The most common vulnerabilities with cryptographic modules are those associated with poor implementation. FIPS 140 validation provides assurance that the relevant cryptography has been implemented correctly. FIPS validation is also a strict requirement for use of cryptography in the Federal Government.
STIG Date
Apple iOS 6 Interim Security Configuration Guide (ISCG) 2013-01-17

Details

Check Text (C-41067r5_chk)
Review the operating system documentation and configuration (and possibly application configuration) to determine if the system uses AES encryption with a key length of 128 bits or longer. If it does not use AES encryption with the required key length, this is a finding.

Note: iOS does not currently meet this requirement, but a third-party application could be used to meet the requirement. Verify that one or more third-party applications (VPN client, email client, and/or browser, etc.) that meet this requirement are used for all connections to the DoD network.

Mark as a finding if the system does not use AES encryption with the required key length for all connections to the DoD network.
Fix Text (F-36602r1_fix)
Configure the VPN client, email client, and other applications that communicate with DoD information resources to use AES encryption with 128-bit (or longer) keys.