Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33094 | SRG-OS-000116-MOS-000071 | SV-43492r2_rule | | Medium |
Description |
---|
Without strong mutual authentication, a mobile device may connect to an unauthorized network. In many cases, the user may falsely believe that the device is connected to an authorized network and then provide authentication credentials and other sensitive information. A strong, bidirectional, cryptographically based authentication method mitigates this risk. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-04-12 |
Check Text (C-41353r2_chk) |
---|
Identify the network interfaces over which authentication may occur. For each of these, review the system documentation and operating system configuration to determine if the device authenticates devices prior to establishing a network connection. Note: This requirement also applies to a private VPN connection from the carrier's network to the DoD network that is designed to route all mobile device traffic directly to the DoD network. If the operating system does not perform this authentication, this is a finding. |
Fix Text (F-36994r1_fix) |
---|
Configure the operating system to authenticate devices before establishing remote connections. |