All wireless PDA clients used for remote access to a DoD network must have a VPN capability that supports CAC authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19898 | WIR-MOS-PDA-034-03 | SV-31706r1_rule | ECWN-1 | Medium |
| Description |
|---|
| If an adversary can bypass a VPN’s authentication controls, then the adversary can compromise DoD data transmitted over the VPN and conduct further attacks on DoD networks. CAC authentication greatly mitigates this risk by providing strong two-factor authentication. |
| STIG | Date |
|---|---|
| PDA Security Technical Implementation Guide (STIG) | 2014-03-18 |
Details
| Check Text ( C-25512r1_chk ) |
|---|
| Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Verify the VPN client supports CAC authentication to the DoD network (recommend asking the site wireless device administrator to demo this capability). Mark as a finding if CAC authentication is not supported. |
| Fix Text (F-20573r6_fix) |
|---|
| Comply with requirement. |