V-25007 | High | The PDA/smartphone must be configured to require a passcode for device unlock. | Sensitive DoD data could be compromised if a device unlock passcode is not set up on a DoD PDA/smartphone. These devices are particularly vulnerable because they are exposed to many potential... |
V-14202 | Medium | FIPS 140-2 validated encryption modules must be used to encrypt unclassified sensitive data at rest on the wireless device (e.g., laptop, PDA, smartphone). | If a wireless device is lost or stolen without DAR encryption, sensitive DoD data could be compromised. Most known security breaches of cryptography result from improper implementation, not flaws... |
V-30358 | Medium | DoD network users authorized to remotely connect to a DoD network from a residential WLAN must configure the access point with a strong pre-shared key (PSK) passcode. | If the passcode is weak, then an adversary is more likely to crack it. Once an adversary obtains the passcode, the adversary can use the passcode to gain access to the WLAN and potentially... |
V-25016 | Medium | The device minimum password/passcode length must be set as required. | If the length of the passcode is less than the required length, brute force password attacks will take less time than they would otherwise. Successful attacks will compromise authentication... |
V-25022 | Medium | PDAs/smartphones must display the required banner during device unlock/logon. | DoD CIO memo requires all PDAs, BlackBerrys, and smartphones to have a consent banner displayed during logon/device unlock to ensure users understand their responsibilities to safeguard DoD data. ... |
V-19897 | Medium | All wireless PDA clients used for remote access to DoD networks must have a VPN capability that supports AES encryption. | DoD data could be compromised if transmitted data is not secured with a compliant VPN. |
V-25011 | Medium | Password/passcode maximum failed attempts must be set to the required value. | A hacker with unlimited attempts can determine the passcode of a smartphone within a few minutes using password hacking tools, which could lead to unauthorized access to the PDA/smartphone and... |
V-14275 | Medium | DoD-licensed anti-malware software will be installed on all wireless clients (e.g., PDAs and smartphones) and non-wireless PDAs. | Security risks inherent to wireless technology usage can be minimized with security measures such as current anti-virus updates. |
V-19899 | Medium | Wireless PDA VPNs must operate with split tunneling disabled. | DoD data could be compromised if transmitted data is not secured with a compliant VPN. |
V-19898 | Medium | All wireless PDA clients used for remote access to a DoD network must have a VPN capability that supports CAC authentication. | If an adversary can bypass a VPN’s authentication controls, then the adversary can compromise DoD data transmitted over the VPN and conduct further attacks on DoD networks. CAC authentication... |
V-18627 | Medium | The VPN client on wireless clients (PDAs, smartphones) used for remote access to DoD networks must be FIPS 140-2 validated. | DoD data could be compromised if transmitted data is not secured with a compliant VPN. FIPS validation provides a level of assurance that the encryption of the device has been securely implemented. |
V-18625 | Medium | PDAs and smartphones that are connected to DoD Windows computers via a USB connection must be compliant with requirements. | PDAs with flash memory can introduce malware to a PC when they are connected for provisioning of the PDA or to transfer data between the PC and PDA, particularly if the PDA is seen by the PC as a... |
V-25009 | Low | Maximum password/passcode age must be set as required. | If the passcode is not changed periodically, then an adversary with knowledge of the passcode can use it indefinitely without detection, potentially allowing access to sensitive DoD information... |
V-18621 | Low | A personal firewall must be implemented on each PDA/smartphone that is used to connect to the Internet or DoD network. | Without a personal firewall, the PDA/smartphone is susceptible to vulnerability scanning and malware attacks from the Internet and other networks to which it may intentionally or inadvertently connect. |