Title

LG Android 6.x must enable VPN protection. (Cat III impact)

Discussion

A key characteristic of a mobile device is that they typically will communicate wirelessly and are often expected to reside in locations outside the physical security perimeter of a DoD facility. In these circumstances, the threat of eavesdropping is substantial. Virtual private networks (VPNs) provide confidentiality and integrity protection for data transmitted over untrusted media (e.g., air) and networks (e.g., the Internet). They also provide authentication services to ensure that only authorized users are able to use them. Consequently, enabling VPN protection counters threats to communications to and from mobile devices. SFR ID: FMT_SMF_EXT.1.1 #03

Check Content

This validation procedure is performed on both the MDM Administration Console and the LG for Android device. On the MDM console, do the following: 1. Ask the MDM administrator to display the list of configured VPN profiles in the "VPN profiles" rule. 2. Verify the list includes the organization VPN profile. On the LG Android device: 1. Open Settings >> Networks >> VPN. 2. Select "LG VPN". 3. Verify the list includes the organization VPN profile. If on the MDM console the organization VPN profile has not been set up or on the LG Android device the organization profile is not listed under "LG VPN", this is a finding.

Fix Text

Configure the mobile operating system to enable VPN protection. On the MDM Administration Console, configure the organization VPN profile in the "VPN profiles" rule.

Additional Identifiers

Rule ID: SV-81329r2_rule

Vulnerability ID: V-66839

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.