Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33096 | SRG-OS-000116-MOS-000073 | SV-43494r2_rule | | Medium |
Description |
---|
VPNs are vulnerable to attack if they are not supported by strong authentication. An adversary may be able to gain access to network resources and sensitive information if they can compromise the authentication process. Common Access Card (CAC) authentication is a strong cryptographic two-factor authentication that greatly mitigates the risk of VPN authentication breaches. Other DoD approved PKI mechanisms provide similar levels of assurance. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-07-03 |
Check Text (C-41355r2_chk) |
---|
Examine the mobile operating system VPN client for employing DoD approved PKI mechanisms for authentication when connecting to DoD networks and servers. Note: This requirement also applies to a private VPN connection from the carrier's network to the DoD network that is designed to route all mobile device traffic directly to the DoD network. If the VPN client does not require DoD approved PKI for authentication, this is a finding. |
Fix Text (F-36996r1_fix) |
---|
Configure the mobile operating system VPN client to employ DoD PKI approved mechanisms for authentication when connecting to DoD networks. |