UCF STIG Viewer Logo

The VPN client on wireless clients (PDAs, smartphones) used for remote access to DoD networks must be FIPS 140-2 validated.


Finding ID Version Rule ID IA Controls Severity
V-18627 WIR-MOS-PDA-034-01 SV-40039r1_rule ECWN-1 Medium
DoD data could be compromised if transmitted data is not secured with a compliant VPN. FIPS validation provides a level of assurance that the encryption of the device has been securely implemented.
PDA Security Technical Implementation Guide (STIG) 2014-03-18


Check Text ( C-39052r1_chk )
Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Review VPN client
specification sheets and FIPS 140-2 certificate. Verify the
devices have a VPN client installed and that it is FIPS 140-2
validated. Mark as a finding if the VPN is not FIPS 140-2
Fix Text (F-20573r6_fix)
Comply with requirement.