UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

All wireless PDA clients used for remote access to a DoD network must have a VPN capability that supports CAC authentication.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19898 WIR-MOS-PDA-034-03 SV-31706r2_rule ECWN-1 Medium
Description
If an adversary can bypass a VPN’s authentication controls, then the adversary can compromise DoD data transmitted over the VPN and conduct further attacks on DoD networks. CAC authentication greatly mitigates this risk by providing strong two-factor authentication.
STIG Date
PDA/Smartphone Security Technical Implementation Guide 2011-10-07

Details

Check Text ( C-25512r2_chk )
Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices.

Verify the VPN client supports CAC authentication to the DoD network (recommend asking the site wireless device administrator to demo this capability).

Mark as a finding if CAC authentication is not supported.
Fix Text (F-20573r2_fix)
Comply with policy requirement.