Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The mobile operating system must encrypt all data in transit using AES encryption when communicating with DoD information resources (128-bit key length is the minimum requirement; 256-bit desired).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33142 | SRG-OS-000160-MOS-000083 | SV-43540r1_rule | Medium |
| Description |
|---|
| If data traffic is sent unencrypted, an adversary may be able to read it to obtain sensitive information. AES encryption with 128-bit (or longer) keys mitigates the risk of unauthorized eavesdropping. This requirement applies to both VPN connections and DoD messaging connections (email and authorized instant messaging applications). |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-04-12 |
Details
| Check Text ( C-41402r1_chk ) |
|---|
| Review the operating system documentation and configuration (and possibly application configuration) to determine if the system uses AES encryption with at least 128-bit keys. If it does not use AES encryption with the required key length, this is a finding. |
| Fix Text (F-37042r1_fix) |
|---|
| Configure the VPN client, email client, and other applications that communicate with DoD information resources to use AES encryption with 128-bit (or longer) keys. |