
Mobile OS devices (smartphones/tablets) device integrity validation scan interval must be 6 hours or less.


Overview

Finding ID: V-30567
Version: WIR-MOS-AND-045-03
Rule ID: SV-40286r1_rule
IA Controls: ECWN-1
Severity: Medium
Description
The purpose of this scan is to determine if there has been an unexplained change in the mobile OS file system that may indicate the device has been compromised by malware or by rooting the device.
STIG: Android 2.2 (Dell) Security Technical Implementation Guide
Date: 2011-11-28

Details

Check Text ( C-39132r1_chk )
The scan interval is set up on the device but cannot be verified on the device.

Check Procedures:
Interview the IAO and Android device Administrator.

Select 4-5 site-managed Android devices to review.

- For each device, have the Android device Administrator show the scan logs for the previous week.

Verify the scans are about 6 hours or less apart. If the scans are not approximately 6 hours apart, mark as a finding.

Note: There are several factors that could influence how often the scans are conducted and emailed from the mobile device, including if the device is powered on and if the device has wireless connectivity with the SMTP server. The reviewer should use their best judgment to verify that the majority of the scans received in the previous week for each device being reviewed are about 6 hours or less apart.
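
The interval check above can be applied to a week of exported scan times with a short script. This is an added example, not part of the STIG or of Fixmo Sentinel: the ISO timestamp input, the 30-minute slack used for "about 6 hours", the handling of a device with fewer than two scans, and all names and sample data are assumptions.

```python
from datetime import datetime, timedelta

MAX_INTERVAL = timedelta(hours=6)
# Assumption: "about 6 hours" is read as up to 30 minutes of slack.
TOLERANCE = timedelta(minutes=30)

# Constructed sample data: one device that missed scans while powered off,
# and one device that is scanning roughly every 12 hours.
DEVICE_A = ["2011-11-21T00:05:00", "2011-11-21T06:05:00", "2011-11-21T12:10:00",
            "2011-11-21T18:05:00", "2011-11-22T12:05:00", "2011-11-22T18:05:00",
            "2011-11-23T00:10:00"]
DEVICE_B = ["2011-11-21T00:00:00", "2011-11-21T12:00:00", "2011-11-22T00:00:00",
            "2011-11-22T05:30:00", "2011-11-22T17:30:00"]


def scan_gaps(timestamps):
    """Return the gaps between consecutive scans, oldest first."""
    times = sorted(datetime.fromisoformat(t) for t in timestamps)
    return [later - earlier for earlier, later in zip(times, times[1:])]


def review_device(timestamps):
    """Apply the check: the majority of gaps must be about 6 hours or less."""
    gaps = scan_gaps(timestamps)
    if not gaps:
        # Assumption: fewer than two scans in the week shows no interval,
        # so the device is reported for manual follow-up as a finding.
        return {"finding": True, "gaps": 0, "late": 0, "longest_hours": None}
    late = [g for g in gaps if g > MAX_INTERVAL + TOLERANCE]
    return {
        # Finding unless more than half of the gaps are within the limit.
        "finding": len(late) * 2 >= len(gaps),
        "gaps": len(gaps),
        "late": len(late),
        "longest_hours": round(max(gaps).total_seconds() / 3600, 1),
    }


if __name__ == "__main__":
    for name, scans in (("device-A", DEVICE_A), ("device-B", DEVICE_B)):
        print(name, review_device(scans))
```

The longest gap is reported alongside the result so the reviewer can ask about outages such as the device being powered off or out of wireless coverage.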
Fix Text (F-34281r1_fix)
Configure the Fixmo Sentinel application to scan site-managed Android devices every 6 hours or less.