
The mobile operating system VPN client must employ DoD PKI approved mechanisms for authentication when connecting to DoD networks.


Overview

Finding ID: V-33096
Version: SRG-OS-000116-MOS-000073
Rule ID: SV-43494r2_rule
IA Controls:
Severity: Medium
Description
VPNs are vulnerable to attack if they are not supported by strong authentication. An adversary may be able to gain access to network resources and sensitive information if they can compromise the authentication process. Common Access Card (CAC) authentication is a strong cryptographic two-factor authentication that greatly mitigates the risk of VPN authentication breaches. Other DoD-approved PKI mechanisms provide similar levels of assurance.
STIG Date
Mobile Operating System Security Requirements Guide 2013-07-03

Details

Check Text (C-41355r2_chk)
Examine the mobile operating system VPN client to verify that it employs DoD-approved PKI mechanisms for authentication when connecting to DoD networks and servers. Note: This requirement also applies to a private VPN connection from the carrier's network to the DoD network that is designed to route all mobile device traffic directly to the DoD network. If the VPN client does not require DoD-approved PKI for authentication, this is a finding.
Fix Text (F-36996r1_fix)
Configure the mobile operating system VPN client to employ DoD PKI approved mechanisms for authentication when connecting to DoD networks.