Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
All wireless PDA clients used for remote access to a DoD network must have a VPN capability that supports CAC authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19898 | WIR-MOS-PDA-034-03 | SV-31706r2_rule | ECWN-1 | Medium |
| Description |
|---|
| If an adversary can bypass a VPN’s authentication controls, then the adversary can compromise DoD data transmitted over the VPN and conduct further attacks on DoD networks. CAC authentication greatly mitigates this risk by providing strong two-factor authentication. |
| STIG | Date |
|---|---|
| PDA/Smartphone Security Technical Implementation Guide | 2011-10-07 |
Details
| Check Text ( C-25512r2_chk ) |
|---|
| Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Verify the VPN client supports CAC authentication to the DoD network (recommend asking the site wireless device administrator to demo this capability). Mark as a finding if CAC authentication is not supported. |
| Fix Text (F-20573r2_fix) |
|---|
| Comply with policy requirement. |