Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The mobile operating systems VPN client must use either IPSec or SSL/TLS when connecting to DoD networks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33139 | SRG-OS-000160-MOS-000080 | SV-43537r2_rule | Medium |
| Description |
|---|
| Use of non-standard communications protocols can affect both the availability and confidentiality of communications. IPSec and SSL/TLS are both well-known and tested protocols that provide strong assurance with respect to both IA and interoperability. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41398r3_chk ) |
|---|
| Review system documentation and operating system configuration to verify the VPN client uses IPSec or SSL/TLS when connecting to DoD networks. Note: This requirement also applies to a private VPN connection from the carrier's network to the DoD network that is designed to route all mobile device traffic directly to the DoD network. If it does not support either of these protocols, or does not use them when establishing a VPN connection to a DoD network, this is a finding. |
| Fix Text (F-37039r1_fix) |
|---|
| Configure the mobile operating system's VPN client to use IPSec or SSL/TLS when connecting to a DoD network. |