2.5.1 Ensure 'VPN' is 'Configured'

Information

This recommendation pertains to establishing a virtual private network (VPN) connection as appropriate.

Rationale:
The network a device connects to provides important services that may be exploited by a malicious actor. Establishing a VPN mitigates the associated risks by encrypting data in transit and using known good network services, such as DNS.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

This remediation procedure cannot be accomplished with a checkbox. As mentioned below, a per-app VPN configuration is the preferred solution, but a system-wide VPN is also acceptable. An appropriate solution will need to be determined and implemented.
From the Configuration Profile:
1. Open Apple Configurator.
2. Open the Configuration Profile.
3. In the left windowpane, click on the VPN tab.
4. In the right windowpane, enter an appropriate VPN configuration.
5. Deploy the Configuration Profile.
From the device,
1. Tap Settings.
2. Tap General.
3. Tap VPN.
4. Enter an appropriate VPN configuration.

See Also

https://workbench.cisecurity.org/files/2141

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, CSCv7|14.4

Plugin: MDM

Control ID: 3d11b4eb641d448d551f3cfe02b8d0ecdca50d1f40b76de570cd78de498f01d6