Title

All wireless PDA clients used for remote access to DoD networks must have a VPN supporting CAC authentication. (Cat II impact)

Discussion

DoD data could be compromised if transmitted data is not secured with a compliant VPN.

Check Content

This check is not applicable if the installed VPN client is not used for remote access to DoD networks. Interview the IAO and/or site wireless device administrator and inspect a sample (3-4) of site devices. Verify the VPN client supports CAC authentication to the DoD network (recommend asking the site wireless device administrator to demo this capability). Mark as a finding if CAC authentication is not supported.

Fix Text

Do not use the smartphone VPN client if it does not support CAC authentication.

Additional Identifiers

Rule ID: SV-35006r1_rule

Vulnerability ID: V-19898

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.