Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-19899 | WIR-MOS-PDA-034-04 | SV-31708r1_rule | ECWN-1 | Medium |
Description |
---|
DoD data could be compromised if transmitted data is not secured with a compliant VPN. |
STIG | Date |
---|---|
PDA Security Technical Implementation Guide (STIG) | 2014-03-18 |
Check Text ( C-25520r1_chk ) |
---|
This check is not applicable if the installed VPN client is not used for remote access to DoD networks. Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Check to see if the VPN has a setting to disable split tunneling. The following test can also be done: 1. Connect to the Internet using the PDA browser. 2. Launch the VPN client and connect to the DoD network. 3. Check to see if the browser is still connected to the Internet. If yes, split tunneling is not disabled. Mark as a finding if split tunneling is not disabled on all PDA VPN clients as the default configuration setting. |
Fix Text (F-20573r6_fix) |
---|
Comply with requirement. |