The mobile operating system's VPN client must use either IPSec or SSL/TLS when connecting to DoD networks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33139 | SRG-OS-000160-MOS-000080 | SV-43537r1_rule | Medium |
| Description |
|---|
| Use of non-standard communications protocols can affect both the availability and confidentiality of communications. IPSec and SSL/TLS are both well-known and tested protocols that provide strong assurance with respect to both IA and interoperability. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2012-10-01 |
Details
| Check Text ( C-41398r1_chk ) |
|---|
| Review system documentation and operating system configuration to verify the VPN client uses IPSec or SSL/TLS when connecting to DoD networks. If it does not support either of these protocols, or does not use them when establishing a VPN connection to a DoD network, this is a finding. |
| Fix Text (F-37039r1_fix) |
|---|
| Configure the mobile operating system's VPN client to use IPSec or SSL/TLS when connecting to a DoD network. |